710 matches found
CLSA-2025-1754381195 php: Fix of CVE-2025-6491
CVE-2025-6491: fix buffer overflow vulnerability...
CVE-2025-45769
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14, and other rules; the dispute tagging is not...
CLSA-2025-1753982448 php: Fix of CVE-2025-1735
CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...
CLSA-2025-1753963973 php: Fix of CVE-2025-1735
CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...
PHPGurukul Dairy Farm Shop Management System Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the edit-company.php parameter companyname...
OESA-2025-1761 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
SUSE CVE-2025-6491
In PHP versions: 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large 2Gb XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server...
ID Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
ID Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
WordPress plugin Gmedia Photo Gallery Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Fana Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
OS Command Exec, Unix Command Shell, Bind TCP (inetd)
Execute an OS command from PHP. Listen for a connection and spawn a command shell (persistent). Module Options: msf use payload/php/unix/cmd/bindinetd msf payloadbindinetd show actions ...actions... msf payloadbindinetd set ACTION msf payloadbindinetd show options ...show and set options... msf...
OS Command Exec, Unix Command Shell, Reverse TCP (via ncat)
Execute an OS command from PHP. Creates an interactive shell via ncat, utilizing ssl mode. Module Options: msf use payload/php/unix/cmd/reversencatssl msf payloadreversencatssl show actions ...actions... msf payloadreversencatssl set ACTION msf payloadreversencatssl show options ...show and set...
OS Command Exec, Unix Command Shell, Reverse TCP SSH
Execute an OS command from PHP. Connect back and create a command shell via SSH. Module Options: msf use payload/php/unix/cmd/reversessh msf payloadreversessh show actions ...actions... msf payloadreversessh set ACTION msf payloadreversessh show options ...show and set options... msf...
emlog Code Injection Vulnerability
emlog is an open-source CMS site-building system based on PHP and MySQL. emlog 2.5.7 and earlier versions have a code injection vulnerability, which stems from improper handling of the activepost parameter in the file /admin/article.php and leads to cross-site scripting...
PHP Exec
Execute a PHP payload as an OS command from a Posix-compatible shell. Module Options: msf use payload/cmd/unix/php/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadex...
CVE-2024-51108
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fromdate and todate...
WordPress plugin Vizeon - Business Consulting Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress plugin Oxpitan Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2021-3007
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the __destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...