30 matches found
AlmaLinux 10 : php (ALSA-2026:23388)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:23388 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...
MiracleLinux 9 : php:8.2 (AXSA:2026-118:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-118:01 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML...
PT-2025-50846
The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lp track function passing unsanitized cookie data directly to the unserialize function...
EUVD-2011-1166
Malware in sbrugna...
EUVD-2015-6769
Malware in sbrugna...
CVE-2023-41506
An arbitrary file upload vulnerability in the Update/Edit Student's Profile Picture function of Student Enrollment In PHP v1.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...
ROS-20241220-01
A vulnerability in the password verification function of the PHP programming language is related to insufficient calculation of the password hash. password hash. Exploitation of the vulnerability allows an attacker to affect data integrity...
Optigo Networks ONS-S8 - Spectra Aggregation Switch
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Optigo Networks Equipment: ONS-S8 - Spectra Aggregation Switch Vulnerabilities: Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion', Weak...
[SECURITY] Fedora 40 Update: roundcubemail-1.6.7-1.fc40
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
CVE-2024-34523
AChecker 1.5 allows remote attackers to read the contents of arbitrary files via the download.php path parameter by using Unauthenticated Path Traversal. This occurs through readfile in PHP. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php...
The vulnerability of the sapi_header_op function in the PHP programming language allows attackers to carry out XSS attacks.
The vulnerability of the sapiheaderop function in the PHP programming language is related to the lack of measures taken to protect web page structures. Exploiting this vulnerability allows an attacker to perform XSS attacks remotely...
SQL Injection Vulnerability in in***.php Page of Winda System Management Platform
Winda system management platform is a rapid station building and management platform developed by Guangxi Jixiang NetDa Information Technology Co. There is a SQL injection vulnerability in the in.php page of the Winda system management platform, which can be exploited by attackers to obtain...
SQL Injection Vulnerability in in***.php of Longcai Technology Group Co.
Longcai Technology Group Limited Liability Company is a company dedicated to the development and construction of the Internet enterprise wisdom cloud service platform, and "Internet + industry innovation" platform services. Longcai Technology Group Limited Liability Company building system in.php...
LaySNS suffers from SQL injection vulnerability in in***.php file
LaySNS is a lightweight, integrated content management and community interaction website management system based on ThinkPHP+Layui architecture. LaySNS has a SQL injection vulnerability in the in.php file, which can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability in In***.php file of MyuCMS open source content management system (CNVD-2020-18786)
MyuCMS open source content management system developed using ThinkPHP community mall aggregation, plug-ins, templates, lightweight and fast easy to expand. MyuCMS open source content management system In.php file SQL injection vulnerability . Attackers can exploit the vulnerability to obtain...
SQL Injection Vulnerability in Yunye CMS in***.php Page
Yunye CMS is an enterprise website building system developed by Luoyang Yunye Information Technology Co. There is a SQL injection vulnerability in the CMS in.php page, which can be exploited by attackers to obtain sensitive information...
SQL injection vulnerability in in***.php file of Laikai e-commerce system (CNVD-2020-00181)
Laike e-commerce system is an open source e-commerce system. Laike e-commerce system in.php file contains a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in Tpshop v3.5 In***.php Page
Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 In.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
Arbitrary file read vulnerability in zzzphp in***.php file
zzphp is a free website building system developed using PHP. An arbitrary file read vulnerability exists in the zzzphp in.php file. An attacker can exploit the vulnerability to read sensitive information...