5 matches found
EUVD-2018-21786
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system...
CVE-2025-39555
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in andymoyle Church Admin church-admin allows Stored XSS. This issue affects Church Admin: from n/a through <= 5.0.23...
WordPress plugin Church Admin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
ThinkPHP Multiple PHP Injection RCEs
This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web framework to execute code as the web user. Versions up to and including 5.0.23 are exploitable, though 5.0.23 is vulnerable to a separate vulnerability. The module will automatically attempt to detect the version of...
CVE-2006-3486
CVE-2006-3486 affects MySQL servers prior to 5.0.23 and 5.1 prior to 5.1.12. It is an off-by-one buffer overflow in Instance_options::complete_initialization (instance_options.cc) that could let local users cause a denial of service (application crash) via vectors tied to convert_dirname. The ven...