U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
There are 8,277 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2024-0286

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.

Published: January 07, 2024; 1:15:16 PM -0500
V3.1: 6.1 MEDIUM
V2.0:(not available)
CVE-2023-52262

outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input.

Published: December 30, 2023; 2:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-7173

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file registration.php. The manipulation of the argument First Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249357 was assigned to this vulnerability.

Published: December 30, 2023; 7:15:44 AM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-7172

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Dashboard. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249356.

Published: December 30, 2023; 4:15:07 AM -0500
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-50035

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the SQL Injection payload being executed.

Published: December 29, 2023; 4:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-5931

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. subscribers) to upload arbitrary files such as PHP on the server

Published: December 26, 2023; 2:15:08 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-5673

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution.

Published: December 26, 2023; 2:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-52086

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)

Published: December 26, 2023; 1:15:09 PM -0500
V3.1: 8.1 HIGH
V2.0:(not available)
CVE-2023-7100

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Affected is an unknown function of the file /admin/bwdates-report-details.php. The manipulation of the argument fdate leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248952.

Published: December 24, 2023; 10:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-7099

A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This issue affects some unknown processing of the file bwdates-report-result.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248951.

Published: December 24, 2023; 10:15:08 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-6971

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0.8 to 1.3.9 via the 'content-dir' HTTP header. This makes it possible for unauthenticated attackers to include remote files on the server, resulting in code execution. NOTE: Successful exploitation of this vulnerability requires that the target server's php.ini is configured with 'allow_url_include' set to 'on'. This feature is deprecated as of PHP 7.4 and is disabled by default, but can still be explicitly enabled in later versions of PHP.

Published: December 22, 2023; 9:15:45 PM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-51651

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Within the scope of requests to S3 object keys and/or prefixes containing a Unix double-dot, a URI path traversal is possible. The issue exists in the `buildEndpoint` method in the RestSerializer component of the AWS SDK for PHP v3 prior to 3.288.1. The `buildEndpoint` method relies on the Guzzle Psr7 UriResolver utility, which strips dot segments from the request path in accordance with RFC 3986. Under certain conditions, this could lead to an arbitrary object being accessed. This issue has been patched in version 3.288.1.

Published: December 22, 2023; 4:15:09 PM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-7055

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Affected is an unknown function of the file /user/profile.php of the component Contact Information Handler. The manipulation of the argument mobilenumber leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-248742 is the identifier assigned to this vulnerability.

Published: December 21, 2023; 10:15:09 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-7054

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /user/add-notes.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248741 was assigned to this vulnerability.

Published: December 21, 2023; 9:15:43 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-7053

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/signup.php. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248740.

Published: December 21, 2023; 9:15:43 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-7052

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. It has been classified as problematic. This affects an unknown part of the file /user/profile.php. The manipulation of the argument name leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-248739.

Published: December 21, 2023; 8:15:12 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-7051

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/manage-notes.php of the component Notes Handler. The manipulation of the argument delid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-248738 is the identifier assigned to this vulnerability.

Published: December 21, 2023; 5:15:15 PM -0500
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-7050

A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file user/profile.php. The manipulation of the argument name/email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248737 was assigned to this vulnerability.

Published: December 21, 2023; 5:15:15 PM -0500
V3.1: 5.4 MEDIUM
V2.0:(not available)
CVE-2023-49772

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.

Published: December 20, 2023; 11:15:09 AM -0500
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2023-49006

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file.

Published: December 19, 2023; 5:15:07 AM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)