National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 26,136 matching records.
Displaying matches 161 through 180.
Vuln ID | Summary | CVSS Severity
CVE-2019-10909

In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle.

Published: May 16, 2019; 06:29:00 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-17048

admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection.

Published: May 16, 2019; 11:29:00 AM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2014-9919

An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.

Published: May 15, 2019; 10:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2014-9918

An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.

Published: May 15, 2019; 10:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-12099

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.

Published: May 14, 2019; 05:29:01 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2019-8923

XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.

Published: May 14, 2019; 12:29:02 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-18800

The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=[SQL], index.php?p=rooms&q=[SQL], or admin/login.php.

Published: May 14, 2019; 11:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-8342

A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been discovered due to an incorrect permission set.

Published: May 13, 2019; 01:29:03 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-19990

In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string.

Published: May 13, 2019; 10:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-19989

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string.

Published: May 13, 2019; 10:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-19988

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnable parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string.

Published: May 13, 2019; 10:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-19987

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string.

Published: May 13, 2019; 10:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-19986

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string.

Published: May 13, 2019; 10:29:01 AM -04:00
V3: 9.8 CRITICAL
V2: 10.0 HIGH
CVE-2018-18872

The Kieran O'Shea Calendar plugin before 1.3.11 for WordPress has Stored XSS via the event_title parameter in a wp-admin/admin.php?page=calendar add action, or the category name during category creation at the wp-admin/admin.php?page=calendar-categories URI.

Published: May 13, 2019; 10:29:00 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2012-6652

Directory traversal vulnerability in pageflipbook.php script from index.php in Page Flip Book plugin for WordPress (wppageflip) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pageflipbook_language parameter.

Published: May 13, 2019; 10:29:00 AM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-16639

Typesetter 5.1 allows XSS via the index.php/Admin LABEL parameter during new page creation.

Published: May 13, 2019; 09:29:02 AM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-16626

index.php/Admin/Classes in Typesetter 5.1 allows XSS via the description of a new class name.

Published: May 13, 2019; 09:29:01 AM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2018-16625

index.php/Admin/Uploaded in Typesetter 5.1 allows XSS via an SVG file with JavaScript in a SCRIPT element.

Published: May 13, 2019; 09:29:01 AM -04:00
V3: 4.8 MEDIUM
V2: 3.5 LOW
CVE-2019-11066

openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.

Published: May 10, 2019; 04:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2017-12789

Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.

Published: May 10, 2019; 11:29:00 AM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM