Lucene search
K

128 matches found

CNNVD
CNNVD
added 2024/10/07 12:0 a.m.4 views

PHP 安全漏洞

PHP is a scripting language for PHP that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.30, prior to 8.2.24, and prior to 8.3.12, which stems from a flaw in the configuration directive cgi.forceredirect, which in certain uncommon configurations could all...

7.5CVSS6.5AI score0.01077EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/07/08 12:0 a.m.5 views

Z-BlogPHP 安全漏洞

Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...

6.1CVSS5.9AI score0.00683EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.3 views

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from vulnerability to Marvin attacks...

5.9CVSS6.5AI score0.01158EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/03/22 5:1 p.m.20 views

CVE-2024-29184 FreeScout Stored XSS to Privilege Escalation After CSP Bypass

FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting XSS vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...

8CVSS7.1AI score0.00861EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/01/26 12:0 a.m.5 views

Cups Easy 跨站脚本漏洞

Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the itemidy parameter on the /cupseasylive/stocktransactionslist.php page. An attacker...

8.2CVSS7AI score0.00398EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/26 12:0 a.m.5 views

WordPress plugin WP Mail Log security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

8.8CVSS7.9AI score0.01096EPSS
Exploits2References2
CNNVD
CNNVD
added 2023/11/10 12:0 a.m.6 views

Statamic Code Issue Vulnerability

Statamic is a powerful flat file Cms built on Laravel by Statamic USA. used to store all content, templates, assets and settings in files instead of databases. A security vulnerability exists in Statamic that stems from allowing an attacker to upload a crafted PHP file via the asset upload field...

9.8CVSS6.8AI score0.01121EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/11/06 12:0 a.m.5 views

Qualitor Security Breach

Qualitor is an application. A security vulnerability exists in Qualitor version 8.20 and earlier versions. An attacker exploits the vulnerability to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter...

9.8CVSS7.7AI score0.14422EPSS
Exploits4References6
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.10 views

The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system allows a hacker to execute arbitrary code by loading a specially created file.

The vulnerability of the Royal Elementor Addons and Templates plugin of the WordPress content management system is related to the ability to download files of a dangerous type without limitation. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by downloading ...

10CVSS8.2AI score0.81695EPSS
Exploits18References6Affected Software1
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.4 views

Engineers Online Portal SQL Injection Vulnerability

Engineers Online Portal is open source an online portal . It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from the fact that manipulation of the...

9.8CVSS8.4AI score0.00684EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/09/29 12:0 a.m.4 views

Engineers Online Portal SQL Injection Vulnerability

Engineers Online Portal is open source an online portal . It is developed using PHP, MySQL database, HTML, CSS, Javascript, jQuery, Ajax, Bootstrap and some other libraries. Engineers Online Portal suffers from a SQL injection vulnerability that stems from manipulation of the username/password...

9.8CVSS8.2AI score0.00738EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Availability Booking Calendar PHP Security Vulnerability

Availability Booking Calendar PHP is an open source availability booking calendar system by GZ Scripts. A security vulnerability exists in Availability Booking Calendar version 5.0, which stems from incorrect validation of password parameter input and vulnerability to incorrect access control...

9.8CVSS7AI score0.00746EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/17 12:0 a.m.2 views

PHP 安全漏洞

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from a buffer overflow issue, which can be exploited by an attacker to trigger a memory corruption and execute arbitrary code on the target system...

6.2CVSS8AI score0.00367EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.3 views

SUSE CVE-2009-3292

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."...

7.5CVSS7AI score0.02775EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.4 views

PT-2022-8067 · Unknown · Simple Php Link Shortener

Name of the Vulnerable Software and Affected Versions: simple php link shortener affected versions not specified Description: A critical issue was found in simple php link shortener, affecting an unknown function of the file index.php. The manipulation of the argument link"id" leads to sql...

9.8CVSS7.9AI score0.00591EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/12/15 12:0 a.m.3 views

Virtual Exim 2 安全漏洞

Virtual Exim 2 is a PHP and SQL based approach to Vexim open source. Multiple email domains can be hosted using Exim. A security vulnerability exists in Virtual Exim 2 that stems from the presence of unknown processing that manipulates to cause cross-site scripting...

6.1CVSS5.8AI score0.0051EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.2 views

PHP 缓冲区错误漏洞

PHP is a scripting language that executes on the server side. A buffer error vulnerability exists in versions prior to PHP 8.1.12, which stems from the fact that an attacker can force an invalid memory address to be read via imageloadfont in order to trigger a denial of service or obtain sensitiv...

7.1CVSS7.6AI score0.02197EPSS
Exploits3References11
CNNVD
CNNVD
added 2022/10/27 12:0 a.m.4 views

Online Pet Shop We App 代码问题漏洞

Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A security vulnerability exists in Online Pet Shop We App v1.0, which originates from an arbitrary file upload vulnerability via the Edit function in the Product Listing module, which allows an...

7.2CVSS7.6AI score0.01056EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/08/06 12:0 a.m.3 views

Wedding Hall Booking System 跨站脚本漏洞

Wedding Hall Booking System is a simple PHP-titled wedding hall booking system by the individual developer Carlo Montero. Wedding Hall Booking System suffers from a cross-site scripting vulnerability that stems from the manipulation of the parameter Message by an unknown function in the Contect...

5.4CVSS4.5AI score0.00439EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/07/25 12:0 a.m.7 views

PT-2022-3952 · Unknown · Ossn Open Source Social Network

Name of the Vulnerable Software and Affected Versions: Open Source Social Network version 6.3 LTS Description: The issue is related to an arbitrary file upload vulnerability in the /ossn/administrator/com installer component. This vulnerability allows attackers to execute arbitrary code via a...

9CVSS7.7AI score0.01574EPSS
Exploits1References12
Rows per page
Query Builder