National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,577 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2019-8425

includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.

Published: February 17, 2019; 07:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-8424

ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.

Published: February 17, 2019; 07:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-8423

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.

Published: February 17, 2019; 07:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-8422

A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.

Published: February 17, 2019; 05:29:00 PM -05:00
V3: 7.2 HIGH
V2: 6.5 MEDIUM
CVE-2019-8421

upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.

Published: February 17, 2019; 05:29:00 PM -05:00
(not available)
CVE-2019-8418

SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.

Published: February 17, 2019; 04:29:00 PM -05:00
(not available)
CVE-2019-8412

FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.

Published: February 17, 2019; 02:29:00 PM -05:00
(not available)
CVE-2019-8411

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

Published: February 17, 2019; 02:29:00 PM -05:00
V3: 7.5 HIGH
V2: 6.4 MEDIUM
CVE-2019-8408

OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.

Published: February 17, 2019; 01:29:00 PM -05:00
V3: 4.9 MEDIUM
V2: 4.0 MEDIUM
CVE-2019-8407

HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.

Published: February 17, 2019; 01:29:00 PM -05:00
V3: 6.5 MEDIUM
V2: 5.5 MEDIUM
CVE-2019-8393

Hotels_Server through 2018-11-05 has SQL Injection via the API because the controller/api/login.php telephone parameter is mishandled.

Published: February 17, 2019; 10:29:00 AM -05:00
(not available)
CVE-2019-8363

Verydows 2.0 has XSS via the index.php?c=main a parameter, as demonstrated by an a=index[XSS] value.

Published: February 16, 2019; 05:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-8362

DedeCMS through V5.7SP2 allows arbitrary file upload in dede/album_edit.php or dede/album_add.php, as demonstrated by a dede/album_edit.php?dopost=save&formzip=1 request with a ZIP archive that contains a file such as "1.jpg.php" (because input validation only checks that .jpg, .png, or .gif is present as a substring, and does not otherwise check the file name or content).

Published: February 16, 2019; 05:29:00 PM -05:00
(not available)
CVE-2019-8361

PHP Scripts Mall Responsive Video News Script has XSS via the Search Bar. This might, for example, be leveraged for HTML injection or URL redirection.

Published: February 16, 2019; 05:29:00 PM -05:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-8360

Themerig Find a Place CMS Directory 1.5 has SQL Injection via the find/assets/external/data_2.php cate parameter.

Published: February 16, 2019; 05:29:00 PM -05:00
(not available)
CVE-2015-4617

Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory.

Published: February 15, 2019; 04:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2015-4615

Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables

Published: February 15, 2019; 04:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2013-5654

Vulnerability in YingZhi Python Programming Language v1.9 allows arbitrary anonymous uploads to the phone's storage

Published: February 15, 2019; 04:29:00 PM -05:00
(not available)
CVE-2013-2565

A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.

Published: February 15, 2019; 04:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2013-2516

Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.

Published: February 15, 2019; 04:29:00 PM -05:00
V3: 8.8 HIGH
V2: 9.3 HIGH