National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): PHP
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 25,992 matching records.
Displaying matches 261 through 280.
Vuln ID Summary CVSS Severity
CVE-2018-20639

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 has HTML injection via the Search Bar.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20638

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20637

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service (unrecoverable blank profile) via crafted JavaScript code in the First Name and Last Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20636

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20635

PHP Scripts Mall Advance B2B Script 2.1.4 has directory traversal via a direct request for a listing of an image directory such as an assets/ directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 4.3 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20634

PHP Scripts Mall Advance B2B Script 2.1.4 allows remote attackers to cause a denial of service (changed Page structure) via JavaScript code in the First Name field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20633

PHP Scripts Mall Advance B2B Script 2.1.4 has Cross-Site Request Forgery (CSRF) via the Edit Profile feature.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2018-20632

PHP Scripts Mall Advance B2B Script 2.1.4 has stored Cross-Site Scripting (XSS) via the FIRST NAME or LAST NAME field.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20631

PHP Scripts Mall Website Seller Script 2.0.5 allows full Path Disclosure via a request for an arbitrary image URL such as a .png file.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-20630

PHP Scripts Mall Advance Crowdfunding Script 2.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-20629

PHP Scripts Mall Charity Donation Script readymadeb2bscript has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-20628

PHP Scripts Mall Charity Foundation Script 1 through 3 allows directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-20627

PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 5.4 MEDIUM
V2: 3.5 LOW
CVE-2018-20626

PHP Scripts Mall Consumer Reviews Script 4.0.3 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2018/12 directory.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 6.5 MEDIUM
V2: 4.0 MEDIUM
CVE-2018-20555

The Design Chemical Social Network Tabs plugin 1.7.1 for WordPress allows remote attackers to discover Twitter access_token, access_token_secret, consumer_key, and consumer_secret values by reading the dcwp_twitter.php source code. This leads to Twitter account takeover.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20526

Roxy Fileman 1.4.5 allows unrestricted file upload in upload.php.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20525

Roxy Fileman 1.4.5 allows Directory Traversal in copydir.php, copyfile.php, and fileslist.php.

Published: March 21, 2019; 12:00:36 PM -04:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-20323

www/soap/application/MCSoap/Logs.php in MailCleaner Community Edition 2018.08 allows remote attackers to execute arbitrary OS commands.

Published: March 21, 2019; 12:00:35 PM -04:00
V3: 8.8 HIGH
V2: 9.0 HIGH
CVE-2018-19515

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the administrator. However, by using one of the bgsend, atment_sddd1xGz, or xls_bgimport query parameters, most of these methods become available to unauthenticated users.

Published: March 21, 2019; 12:00:31 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-19514

In Webgalamb through 7.0, an arbitrary code execution vulnerability could be exploited remotely without authentication. Exploitation requires authentication bypass to access administrative functions of the site to upload a crafted CSV file with a malicious payload that becomes part of a PHP eval() expression in the subscriber.php file.

Published: March 21, 2019; 12:00:31 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH