92662 matches found
CVE-2018-25270 ThinkPHP 5.0.23 Remote Code Execution via invokefunction
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
CVE-2018-25270
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Alukas versions 3.0.0...
WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Kapee versions 1.7.0...
WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme EmallShop versions = 2.4.21...
CVE-2026-41064
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...
PT-2026-34537
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authenticati...
📄 WebDAV PHP Upload
This Metasploit module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It can use do by using any supplied credentials to upload via WebDAV, a PHP payload and then execute it. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection)
WWBN AVideo is an open source video platform. In versions up to and including 29.0, an incomplete fix for AVideo's test.php adds escapeshellarg for wget but leaves the filegetcontents and curl code paths unsanitized, and the URL validation regex /^http/ accepts strings like httpevil.com. Commit...
CVE-2026-41064
WWBN AVideo’s CVE-2026-33502 family is about an incomplete fix in plugin/Live/test.php. Affected versions (reported up to 29.0 in the CVE note, with related docs citing patch activity around commit 1e6cf03e93b5a5318204b010ea28440b0d9a5ab3) show that the wget path in test.php uses unsanitized user...
CVE-2026-40909
WWBN AVideo (pre-29.0) contains a path traversal in locale/save.php that concatenates $_POST['flag'] into the target path and writes $_POST['code'] to that path via fwrite(), allowing an attacker with admin access or CSRF to write arbitrary PHP files outside locale/ and achieve Remote Code Execut...
CVE-2026-40909 WWBN AVideo has a Path Traversal in Locale Save Endpoint that Enables Arbitrary PHP File Write to Any Web-Accessible Directory (RCE)
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint locale/save.php constructs a file path by directly concatenating $POST'flag' into the path at line 30 without any sanitization. The $POST'code' parameter is then written verbatim to that path via...
WebDAV PHP Upload
This module exploits WebDAV which also has PHP enabled, such as found on XAMPP servers. It can use do by using any supplied credentials to upload via WebDAV, a PHP payload and then execute it. Module Options msf use exploit/multi/http/webdavuploadphp msf exploitwebdavuploadphp show targets...
OpenMage LTS: Customer File Upload Extension Blocklist Bypass → Remote Code Execution
The product custom option file upload in OpenMage LTS uses an incomplete blocklist forbiddenextensions = php,exe to prevent dangerous file uploads. This blocklist can be trivially bypassed by using alternative PHP-executable extensions such as .phtml, .phar, .php3, .php4, .php5, .php7, and .pht...
EUVD-2025-209543
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
EUVD-2026-24134
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
Dolibarr Allows Code Injection through its Website Module
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
GHSA-676V-WH57-P375 Dolibarr Allows Code Injection through its Website Module
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2025-41011 HTML injection in PHP Point Of Sale
HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', ussing 'startdateformatted' y 'enddateformatted'...
CVE-2026-39467 WordPress Responsive Slider by MetaSlider plugin <= 3.106.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0...