Search Results (Refine Search)
- Keyword (text search): php
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-19518 |
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. Published: November 25, 2018; 5:29:00 AM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 8.5 HIGH |
CVE-2018-19463 |
zb_system/function/lib/upload.php in Z-BlogPHP through 1.5.1 allows remote attackers to execute arbitrary PHP code by using the image/jpeg content type in an upload to the zb_system/admin/index.php?act=UploadMng URI. NOTE: The vendor's position is "We have no dynamic including. No one can run PHP by uploading an image in current version." It also requires authentication Published: November 22, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.0: 8.8 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19458 |
In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246. Published: November 22, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-19422 |
/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these. Published: November 21, 2018; 4:29:00 PM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19404 |
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions. Published: November 20, 2018; 7:29:00 PM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19396 |
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. Published: November 20, 2018; 4:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-19395 |
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on COM("WScript.Shell"). Published: November 20, 2018; 4:29:01 PM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-9209 |
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2 Published: November 19, 2018; 1:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19355 |
modules/orderfiles/ajax/upload.php in the Customer Files Upload addon 2018-08-01 for PrestaShop (1.5 through 1.7) allows remote attackers to execute arbitrary code by uploading a php file via modules/orderfiles/upload.php with auptype equal to product (for upload destinations under modules/productfiles), order (for upload destinations under modules/files), or cart (for upload destinations under modules/cartfiles). Published: November 18, 2018; 7:29:00 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19340 |
Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. Published: November 17, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-19274 |
Passing an absolute path to a file_exists check in phpBB before 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. Published: November 17, 2018; 8:29:00 AM -0500 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-19296 |
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. Published: November 16, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19277 |
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file Published: November 14, 2018; 6:29:07 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-19246 |
PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value can be easily used to calculate the authorization data needed for local file inclusion. Published: November 13, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-19220 |
An issue was discovered in LAOBANCMS 2.0. It allows remote attackers to execute arbitrary PHP code via the host parameter to the install/ URI. Published: November 12, 2018; 3:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19180 |
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. Published: November 11, 2018; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19127 |
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring. Published: November 09, 2018; 7:29:00 AM -0500 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2018-19053 |
PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by specifying a .php filename in a "SET GLOBAL general_log_file" statement, followed by a SELECT statement containing this PHP code. Published: November 07, 2018; 12:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |
CVE-2018-18950 |
KindEditor through 4.1.11 has a path traversal vulnerability in php/upload_json.php. Anyone can browse a file or directory in the kindeditor/attached/ folder via the path parameter without authentication. Published: November 05, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2018-18942 |
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter. Published: November 05, 2018; 4:29:00 AM -0500 |
V4.0:(not available) V3.0: 7.2 HIGH V2.0: 6.5 MEDIUM |