Lucene search
K

956 matches found

Vulnrichment
Vulnrichment
added 2026/03/07 1:21 a.m.5 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/07 1:21 a.m.5 views

CVE-2026-3352

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS6.1AI score0.00374EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/07 1:21 a.m.38 views

CVE-2026-3352 Easy PHP Settings <= 1.0.4 - Authenticated (Administrator+) PHP Code Injection via 'wp_memory_limit' Setting

The Easy PHP Settings plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.0.4 via the updatewpmemoryconstants method. This is due to insufficient input validation on the wpmemorylimit and wpmaxmemorylimit settings before writing them to wp-config.php...

7.2CVSS0.00374EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/07 12:0 a.m.18 views

PT-2026-23820

Name of the Vulnerable Software and Affected Versions Easy PHP Settings plugin for WordPress versions up to and including 1.0.4 Description The Easy PHP Settings plugin for WordPress is susceptible to PHP Code Injection due to inadequate input validation on the wp memory limit and wp max memory...

7.2CVSS6AI score0.00374EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2026/02/24 12:0 a.m.133 views

📄 SPIP Saisies 5.11.0 Remote Code Execution

Proof of concept exploit for a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected. Written in PHP...

9.8CVSS6.1AI score0.05126EPSS
Exploits5
Packet Storm
Packet Storm
added 2026/02/20 12:0 a.m.130 views

📄 Selenium Server (Grid) 4.27.0 Code Injection

Proof of concept exploit for Selenium Server Grid versions 4.27.0 and below that exploits firefoxprofile to force the browser to run bash commands. ============================================================================================================================================= | Title...

5.5AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/06 12:0 a.m.206 views

📄 MikroTik RouterOS WinBox 3.41 Username Enumeration

Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability. ============================================================================================================================================= | Title : MikroTik RouterOS WinB...

5.3AI score
Exploits0
NVD
NVD
added 2026/02/03 10:16 p.m.10 views

CVE-2019-25260

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute...

8.8CVSS0.00407EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/01/21 5:29 p.m.21 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS0.0109EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/01/21 5:29 p.m.3 views

CVE-2021-47778 GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References5
CVE
CVE
added 2026/01/21 5:29 p.m.16 views

CVE-2021-47778

CVE-2021-47778 affects GetSimple CMS My SMTP Contact Plugin 1.1.2. A PHP code injection vulnerability exists that allows an authenticated administrator to inject arbitrary PHP code via plugin configuration parameters, resulting in remote code execution on the server. The Red Hat and NVD/NVD-deriv...

8.6CVSS6.7AI score0.0109EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:40 p.m.9 views

CVE-2023-43835

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content...

8.8CVSS7.7AI score0.01426EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:19 p.m.7 views

CVE-2018-10133

PbootCMS v0.9.8 allows PHP code injection via an IF label in index.php/About/6.html or admin.php/Site/index.html, related to the parserIfLabel function in \apps\home\controller\ParserController.php...

9.8CVSS7.5AI score0.01422EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:35 a.m.4 views

CVE-2021-41421

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel...

4.8CVSS7.7AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:39 a.m.16 views

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

9.8CVSS7.2AI score0.99628EPSS
Exploits13References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:0 a.m.8 views

CVE-2020-7206

HP nagios plugin for iLO nagios-plugins-hpilo v1.50 and earlier has a php code injection vulnerability...

9.8CVSS7.5AI score0.01677EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:57 a.m.9 views

CVE-2020-12842

ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php...

9.8CVSS7.5AI score0.01546EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.9 views

CVE-2020-10389

admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by injecting PHP code into any POST parameter when saving global settings...

7.2CVSS7.6AI score0.04884EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.7 views

CVE-2023-4197

Improper input validation in Dolibarr ERP CRM = v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code...

8.8CVSS7AI score0.32845EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:5 p.m.5 views

CVE-2025-14509

The Lucky Wheel for WooCommerce – Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval to execute user-supplied input from the 'Conditional Tags' setting without proper validation or sanitization...

7.2CVSS6.8AI score0.00541EPSS
Exploits0References1
Rows per page
Query Builder