241 matches found

ATTACKERKB
added 2025/04/14 7:15 p.m., 7 views

CVE-2025-1782

In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitized before being used and can be misused to include an arbitrary file in the PHP code allowing an attacker to do anything as the web server user. This flaw requires the attacker to be authenticated...

CVSS 9.9 | AI score 6 | EPSS 0.00456
Exploits 0 | References 2 | Affected Software 2

Positive Technologies
added 2025/04/11 12:00 a.m., 4 views

PT-2025-16085

Name of the Vulnerable Software and Affected Versions: EventON versions prior to 2.3.2; EventON version 2.3.2. Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...

CVSS 8.8 | AI score 7.3 | EPSS 0.01728
Exploits 0 | References 8

BDU FSTEC
added 2025/03/17 12:00 a.m., 3 views

Vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system that allows attackers to inject a PHP object into the system

The vulnerability in the UpdraftPlus: WP Backup & Migration plugin for the WordPress content management system is due to shortcomings in the deserialization mechanism. Exploiting this vulnerability allows an attacker to inject a PHP object remotely...

CVSS 10 | AI score 7.8 | EPSS 0.007
Exploits 0 | References 4 | Affected Software 1

CNNVD
added 2025/02/05 12:00 a.m., 3 views

PHP Parser Security Vulnerability

PHP Parser is a PHP parser written in PHP by Nikita Popov, an individual developer. A security vulnerability exists in PHP Parser version v3.2.1, which stems from the lib.combine function containing a prototype pollution vulnerability...

CVSS 7.5 | AI score 6.9 | EPSS 0.00409
Exploits 0 | References 1

CNNVD
added 2024/12/04 12:00 a.m., 2 views

WordPress plugin Funnelforms Free Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 8.8 | AI score 8.5 | EPSS 0.00605
Exploits 0 | References 2

BDU FSTEC
added 2024/12/02 12:00 a.m., 3 views

Vulnerability in the ldap_escape() function of the PHP programming language that allows an attacker to cause a denial of service

The vulnerability in the ldap_escape() function of the PHP programming language is related to the escape operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause a denial of service remotely...

CVSS 10 | AI score 6.2 | EPSS 0.01284
Exploits 0 | References 10 | Affected Software 3

OSV
added 2024/11/22 6:15 a.m., 1 view

DEBIAN-CVE-2024-8932

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...

CVSS 9.8 | AI score 5.8 | EPSS 0.01284
Exploits 0 | References 1

Patchstack
added 2024/11/15 8:51 a.m., 3 views

WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin NIX Anti-Spam Light (versions <= 0.0.4)...

CVSS 9.8 | AI score 7.3 | EPSS 0.00513
Exploits 0 | Affected Software 1

CNNVD
added 2024/11/06 12:00 a.m., 3 views

Symfony Injection Vulnerability

Symfony is a PHP framework for web and console applications and a set of reusable PHP components from Symfony. Symfony suffers from an injection vulnerability that stems from allowing the separation of a PHP application from its global state...

CVSS 7.3 | AI score 7.5 | EPSS 0.63422
Exploits 0 | References 3

BDU FSTEC
added 2024/10/02 12:00 a.m., 5 views

Vulnerability in the PHP programming language interpreter that allows attackers to circumvent existing security restrictions

The vulnerability in the PHP programming language interpreter is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and manipulate the PHP-FPM logs...

CVSS 10 | AI score 6.5 | EPSS 0.00482
Exploits 1 | References 13 | Affected Software 4

BDU FSTEC
added 2024/10/02 12:00 a.m., 3 views

Vulnerability in the PHP programming language interpreter, related to insufficient validation of input data, that allows attackers to compromise the confidentiality, integrity, and availability of protected information

The vulnerability in the PHP programming language interpreter is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...

CVSS 10 | AI score 6.5 | EPSS 0.00947
Exploits 1 | References 15 | Affected Software 4

Patchstack
added 2024/08/30 2:48 a.m., 2 views

WordPress Betheme theme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated (Contributor+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Betheme (versions <= 27.5.6)...

CVSS 8.8 | AI score 7.3 | EPSS 0.00623
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2024/07/15 12:00 a.m., 3 views

Vulnerability in the virtual server “1C-Bitrix: Virtual Machine” involving unrestricted upload of files of a dangerous type, allowing an attacker to execute arbitrary code

The vulnerability in the virtual server “1C-Bitrix: Virtual Machine” is related to the unrestricted upload of dangerous files. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted PHP file...

CVSS 10 | AI score 6
Exploits 0 | References 4 | Affected Software 1

OSV
added 2024/06/21 4:15 p.m., 2 views

CVE-2024-35778

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion. This issue affects Slideshow SE: from n/a through 2.5.17...

CVSS 8.8 | AI score 5.8 | EPSS 0.00567
Exploits 0 | References 1

CNNVD
added 2024/02/27 12:00 a.m., 4 views

Student Enrollment In PHP Security Vulnerability

Student Enrollment In PHP is an open source student enrollment system by code-projects. A security vulnerability exists in Student Enrollment In PHP v1.0, which is caused by an arbitrary file upload vulnerability in the Update or Edit Student Avatar feature, which can be exploited to execute...

CVSS 9.8 | AI score 7.8 | EPSS 0.00882
Exploits 0 | References 2

CNNVD
added 2024/02/05 12:00 a.m., 3 views

WordPress plugin Better Search Replace security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.68047
Exploits 2 | References 4

ATTACKERKB
added 2023/12/30 7:15 p.m., 1 view

CVE-2023-52262

outdoorbits little-backup-box aka Little Backup Box before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input...

CVSS 9.8 | AI score 6.2 | EPSS 0.00919
Exploits 0 | References 3

CNNVD
added 2023/10/20 12:00 a.m., 4 views

Number withdrawn

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. This CVE number has been withdrawn...

AI score 6.9
Exploits 2 | References 3

CNNVD
added 2023/08/17 12:00 a.m., 4 views

Juniper Networks Junos OS EX Security Vulnerability

Juniper Networks Junos OS EX is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. A security vulnerability exists in Juniper Networks Junos OS EX, which is caused by a PHP external variab...

CVSS 5.3 | AI score 7.2 | EPSS 0.89628
Exploits 7 | References 6

SUSE CVE
added 2023/02/15 6:21 a.m., 3 views

SUSE CVE-2003-1302

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters...

CVSS 5 | AI score 7 | EPSS 0.01326
Exploits 1 | References 4