Search Results (Refine Search)
- Keyword (text search): PHP
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-30802 |
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. Published: October 10, 2023; 11:15:09 AM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
CVE-2023-44075 |
Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. Published: October 04, 2023; 4:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-44974 |
An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: October 03, 2023; 5:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-44973 |
An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: October 03, 2023; 5:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-43835 |
Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. Published: October 02, 2023; 4:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-41580 |
Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. Published: October 02, 2023; 9:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-5313 |
A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability. Published: September 30, 2023; 11:15:10 AM -0400 |
V3.1: 3.7 LOW V2.0:(not available) |
CVE-2023-43655 |
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice. Published: September 29, 2023; 4:15:09 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-43226 |
An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. Published: September 28, 2023; 4:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-38874 |
A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. Published: September 28, 2023; 12:15:12 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-41450 |
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Published: September 27, 2023; 11:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-41447 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. Published: September 27, 2023; 11:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41446 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. Published: September 27, 2023; 11:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41453 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41452 |
Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-41451 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41449 |
An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-41448 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. Published: September 27, 2023; 7:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-41445 |
Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. Published: September 27, 2023; 7:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-43154 |
In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. Published: September 27, 2023; 11:19:33 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |