CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

183 matches found

Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File

The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible printphpinformation.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PH...

5.3CVSS7.2AI score0.05356EPSS

Exploits0References2

NVD•added 2026/05/27 7:16 p.m.•8 views

CVE-2026-42878

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3CVSS0.00049EPSS

Exploits0References1

EUVD•added 2026/05/27 6:28 p.m.•6 views

EUVD-2026-32625

5.3CVSS5.9AI score0.00049EPSS

Exploits0References1

ATTACKERKB•added 2026/05/27 6:28 p.m.•5 views

CVE-2026-42878

5.3CVSS5.9AI score0.00049EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/27 6:28 p.m.•35 views

CVE-2026-42878 FacturaScripts: Unauthenticated phpinfo() Disclosure via Installer Endpoint in FacturaScripts

5.3CVSS0.00049EPSS

Exploits0References1

Github Security Blog•added 2026/05/07 7:43 p.m.•4 views

FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer Endpoint

Summary An unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration, server environment variables including any database...

7.5CVSS6.5AI score0.00388EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/07 12:0 a.m.•4 views

PT-2026-38616

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to v2026 Description An unauthenticated information disclosure issue in the Installer controller allows a remote attacker to trigger the phpinfo function on a fresh deployment. By requesting the endpoint "/" with...

5.3CVSS5.8AI score0.00049EPSS

Exploits0References5

OSV•added 2025/12/09 5:15 p.m.•2 views

CVE-2025-63739

An issue was discovered in function phpinisaveAction in file webmain/system/cogini/coginiAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to authenticated users to modify PHP configuration files via the a parameter to the index.php endpoint...

4.3CVSS5.8AI score0.00038EPSS

Exploits1References1

NVD•added 2025/12/09 5:15 p.m.•2 views

CVE-2025-63739

4.3CVSS0.00038EPSS

Exploits1References1

CVE•added 2025/12/09 12:0 a.m.•9 views

CVE-2025-63739

Xinhu Rainrock RockOA 2.7.0 is affected by CVE-2025-63739 due to a flaw in phpinisaveAction() in webmain/system/cogini/coginiAction.php. An authenticated user can use the a parameter on index.php to modify PHP configuration files. The vulnerability affects the cited version; Red Hat and other sou...

4.3CVSS6.4AI score0.00038EPSS

Exploits1References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2005-3992

Malware in sbrugna...

2.6CVSS6.4AI score0.00994EPSS

Exploits0References16

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2013-6304

Malware in sbrugna...

4.6CVSS8.5AI score0.00052EPSS

Exploits0References7