23 matches found

EUVD
added 2026/05/27 6:28 p.m., 6 views

EUVD-2026-32625

FacturaScripts is an open source accounting and invoicing software. Prior to v2026, an unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PH...

5.3 CVSS, 5.9 AI score, 0.00049 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2026/03/10 6:23 p.m., 3 views

Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

8.6 CVSS, 6 AI score, 0.00014 EPSS
Exploits: 1, References: 4, Affected Software: 1

OSV
added 2026/03/10 6:23 p.m., 1 views

GHSA-CFPV-RMPF-F624 Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking

Summary Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any user including administrators views the inventory management...

8.6 CVSS, 6 AI score, 0.00014 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2025/12/09 12:0 a.m., 1 views

CVE-2025-63738

An issue was discovered in file index.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers to gain sensitive information via phpinfo via the a parameter to the index.php...

6.5 AI score, 0.0004 EPSS
Exploits: 1, References: 1

Hacker One
added 2025/10/29 4:0 a.m., 8 views

Revive Adserver: Information Disclosure via Verbose Error Messages

Version: ==revive-adserver 6.0.0== Summary: Revive Adserver v6.0.0 exposes sensitive technical details through verbose error messages, revealing the exact MySQL/MariaDB version, SQL queries, and PHP environment details. Attackers can use this information to identify known vulnerabilities or craft...

4.3 CVSS, 7.4 AI score, 0.00024 EPSS
Exploits: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 19 views

Linux Distros Unpatched Vulnerability : CVE-2020-7059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supp...

9.1 CVSS, 6.8 AI score, 0.02373 EPSS
Exploits: 1, References: 2

OSV
added 2024/12/12 6:15 a.m., 1 views

CVE-2024-12255

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo data. This makes it possible for unauthenticated attackers to extract configuration information tha...

5.3 CVSS, 7.2 AI score, 0.0044 EPSS
Exploits: 1, References: 2

CNNVD
added 2024/09/04 12:0 a.m., 1 views

ZZCMS Cross-Site Scripting Vulnerability

ZZCMS is a content management system CMS by the ZZCMS team in China. A cross-site scripting vulnerability exists in ZZCMS v.2023 and prior versions, which stems from a phpinfo function that discloses detailed information about the PHP environment, including server configuration, loaded modules, a...

7.5 CVSS, 6 AI score, 0.00921 EPSS
Exploits: 1, References: 2

Positive Technologies
added 2024/05/28 12:0 a.m., 2 views

PT-2024-40406 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.17 up to 1.17.7 Description: The issue concerns an endpoint in the admin module of SimpleSAMLphp that exposes the output of the phpinfo PHP function, allowing any individual to access it without authenticating and...

5.9 CVSS, 6.9 AI score
Exploits: 0, References: 4

Positive Technologies
added 2023/11/21 12:0 a.m., 3 views

PT-2023-7082

Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...

10 CVSS, 8.1 AI score, 0.94329 EPSS
Exploits: 5, References: 93

SUSE CVE
added 2023/02/15 5:27 a.m., 1 views

SUSE CVE-2014-4721

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHPAUTHPW, PHPAUTHTYPE, PHPAUTHUSER, and PHPSELF variables, which might allow context-dependent attackers to obtain sensitive information from process...

2.6 CVSS, 6.7 AI score, 0.09887 EPSS
Exploits: 1, References: 7

exploitpack
added 2017/09/28 12:0 a.m., 47 views

Trend Micro OfficeScan 11.0XG (12.0) - Information Disclosure

Trend Micro OfficeScan 11.0XG 12.0 - Information Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt + ISR: ApparitionSec Vendor:...

5 CVSS, 5.7 AI score, 0.12425 EPSS
Exploits: 4

OSV
added 2016/12/11 2:59 a.m., 2 views

ALPINE-CVE-2016-9848

An issue was discovered in phpMyAdmin. phpinfo phpinfo.php shows PHP information including values of HttpOnly cookies. All 4.6.x versions prior to 4.6.5, 4.4.x versions prior to 4.4.15.9, and 4.0.x versions prior to 4.0.10.18 are affected...

5.3 CVSS, 6.8 AI score, 0.00336 EPSS
Exploits: 0, References: 1

CNVD
added 2016/05/07 12:0 a.m., 1 views

PHP Information Disclosure Vulnerability (CNVD-2016-02886)

PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. PHP has a security vulnerability that allows remote attackers to exploit a vulnerability to read the 'offset' parameter from arbitrary memory...

9.8 CVSS, 8.5 AI score, 0.01936 EPSS
Exploits: 1, References: 1

RedHat Linux
added 2014/08/06 5:14 a.m., 1 views

php: type confusion issue in phpinfo() leading to information leak

A type confusion issue was found in PHP's phpinfo function. A malicious script author could possibly use this flaw to disclose certain portions of server memory...

2.6 CVSS, 7.1 AI score, 0.09887 EPSS
Exploits: 1, References: 4

seebug.org
added 2014/07/01 12:0 a.m., 10 views

JFFNMS 0.8.3 admin/adm/test.php PHP Information Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/24414/info Just For Fun Network Management and Monitoring System JFFNMS is prone to multiple remote vulnerabilities, including a cross-site scripting issue, an SQL-injection issue, and multiple information-disclosure...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 13 views

FlashChat 3.9.3.1 - PHP info Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

Packet Storm
added 2013/12/16 12:0 a.m., 20 views

iScripts Support Desk 4.1 SQL Injection

Normal Sql postticketbeforeregistersave.php Staff table post : txtname=faris&[email protected]&prty=0&deptid=11 /!1337andselect 1 fromselect count,concatselect select select distinct concat0x7e,0x27,unhexHexcasttablename as char,0x27,0x7e from informationschema.tables where tableschema=databas...

0.1 AI score
Exploits: 0

securityvulns
added 2011/09/26 12:0 a.m., 91 views

TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server

Trustwave's SpiderLabs Security Advisory TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt Published: 2011-09-23 Version: 1.0 Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 10.3.2 a...

6.4 CVSS, 0.2 AI score, 0.08897 EPSS
Exploits: 3

Packet Storm
added 2011/09/23 12:0 a.m., 70 views

IceWarp Mail Server Injection / Information Disclosure

Trustwave's SpiderLabs Security Advisory TWSL2011-013: Multiple Vulnerabilities in IceWarp Mail Server https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt Published: 2011-09-23 Version: 1.0 Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 10.3.2 a...

6.4 CVSS, 6.5 AI score, 0.08897 EPSS
Exploits: 3