National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,153 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2019-10848

Computrols CBAS 18.0.0 allows Username Enumeration.

Published: May 24, 2019; 01:29:02 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2019-10847

Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.

Published: May 24, 2019; 01:29:02 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2016-8900

Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expTagController.php related to change_tags.

Published: May 24, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-8898

Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/ecommerce/controllers/cartController.php.

Published: May 24, 2019; 01:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-10245

Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.

Published: May 24, 2019; 01:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-11876

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Published: May 24, 2019; 12:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-12312

In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normally expected IKE_AUTH exchange. This affects send_v2N_spi_response_from_state() in programs/pluto/ikev2_send.c that will then trigger a NULL pointer dereference leading to a restart of libreswan.

Published: May 24, 2019; 10:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-10850

Computrols CBAS 18.0.0 has Default Credentials.

Published: May 23, 2019; 04:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2019-10849

Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.

Published: May 23, 2019; 04:29:00 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-10846

Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.

Published: May 23, 2019; 04:29:00 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-10866

In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.

Published: May 23, 2019; 03:29:01 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-10855

Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.

Published: May 23, 2019; 03:29:01 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2019-10854

Computrols CBAS 18.0.0 allows Authenticated Command Injection.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-10853

Computrols CBAS 18.0.0 allows Authentication Bypass.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 8.1 HIGH
V2: 8.3 HIGH
CVE-2019-10852

Computrols CBAS 18.0.0 allows Authenticated Blind SQL Injection via the id GET parameter, as demonstrated by the index.php?m=servers&a=start_pulling&id= substring.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.5 MEDIUM
CVE-2019-10851

Computrols CBAS 18.0.0 has hard-coded encryption keys.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2016-8899

Exponent CMS version 2.3.9 suffers from an Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-8897

Exponent CMS version 2.3.9 suffers from a SQL injection vulnerability in framework/modules/help/controllers/helpController.php.

Published: May 23, 2019; 03:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2016-8901

b2evolution 6.7.6 suffers from an Object Injection vulnerability in /htsrv/call_plugin.php.

Published: May 23, 2019; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-11231

An issue was discovered in GetSimple CMS through 3.3.15. Insufficient input sanitization in the theme-edit.php file allows upload of files with arbitrary content (PHP code, for example). This vulnerability is triggered by an authenticated user; however, authentication can be bypassed. According to the official documentation for installation step 10, an admin is required to upload all the files, including the .htaccess files, and run a health check. However, what is overlooked is that the Apache HTTP Server by default no longer enables the AllowOverride directive, leading to data/users/admin.xml password exposure. The passwords are hashed but this can be bypassed by starting with the data/other/authorization.xml API key. This allows one to target the session state, since they decided to roll their own implementation. The cookie_name is crafted information that can be leaked from the frontend (site name and version). If someone leaks the API key and the admin username, then they can bypass authentication. To do so, they need to supply a cookie based on an SHA-1 computation of this known information. The vulnerability exists in the admin/theme-edit.php file. This file checks for form submissions via POST requests, and for the CSRF nonce. If the nonce sent is correct, then the file provided by the user is uploaded. There is a path traversal allowing write access outside the jailed themes directory root. Exploiting the traversal is not necessary because the .htaccess file is ignored. A contributing factor is that there isn't another check on the extension before saving the file, with the assumption that the parameter content is safe. This allows the creation of web accessible and executable files with arbitrary content.

Published: May 22, 2019; 02:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 5.0 MEDIUM