Search Results (Refine Search)
- Keyword (text search): PHP
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-4371 |
A vulnerability was found in phpRecDB 1.3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument r/view leads to cross site scripting. The attack may be launched remotely. VDB-237194 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. Published: August 15, 2023; 11:15:09 AM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-3452 |
The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server. Published: August 11, 2023; 11:15:09 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-3824 |
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. Published: August 11, 2023; 2:15:10 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-3823 |
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. Published: August 11, 2023; 2:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-36315 |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0. Published: August 10, 2023; 1:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-36314 |
There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0. Published: August 10, 2023; 1:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-36313 |
PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed". Published: August 10, 2023; 1:15:11 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-36312 |
There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. Published: August 10, 2023; 1:15:11 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-36311 |
There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. Published: August 10, 2023; 1:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-36310 |
There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0. Published: August 10, 2023; 1:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-36309 |
There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0. Published: August 10, 2023; 1:15:10 PM -0400 |
V3.1: 6.1 MEDIUM V2.0:(not available) |
CVE-2023-39776 |
A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file. Published: August 10, 2023; 11:15:09 AM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-38830 |
An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module. Published: August 10, 2023; 11:15:09 AM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-39518 |
social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. Published: August 08, 2023; 3:15:10 PM -0400 |
V3.1: 5.4 MEDIUM V2.0:(not available) |
CVE-2023-36136 |
PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. Published: August 08, 2023; 11:15:10 AM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-4195 |
PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. Published: August 06, 2023; 2:15:10 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-33367 |
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. Published: August 04, 2023; 10:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-39551 |
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. Published: August 04, 2023; 3:15:10 PM -0400 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
CVE-2023-4141 |
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution. Published: August 03, 2023; 11:15:14 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-39343 |
Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. Published: August 03, 2023; 9:15:10 PM -0400 |
V3.1: 4.3 MEDIUM V2.0:(not available) |