
710 matches found

RedHat Linux
added 2020/04/28 4:8 p.m. · 2 views

php: Heap buffer over-read in exif_scan_thumbnail()

When the PHP EXIF extension is parsing EXIF information from an image, e.g. via the exif_read_data function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to information...

CVSS 7.1 · AI score 7.3 · EPSS 0.044
Exploits 1 · References 4
CNVD
added 2020/04/28 12:0 a.m. · 2 views

Command Execution Vulnerability in YCCMS

YCCMS is a lightweight CMS site-building system developed on PHP5 and MySQL. YCCMS has a command execution vulnerability that can be exploited by attackers to execute code to gain control of the server...

AI score 7.9
Exploits 0
OSV
added 2020/04/27 9:15 p.m. · 3 views

DEBIAN-CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), the urldecode function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes...

CVSS 7.5 · AI score 6.4 · EPSS 0.04311
Exploits 1 · References 1
BDU FSTEC
added 2020/04/23 12:0 a.m. · 2 views

The vulnerability of the `link` function in the PHP programming language allows attackers to gain unauthorized access to information.

The vulnerability of the link function in the PHP programming language interpreter is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to sensitive information...

CVSS 7.8 · AI score 6.5 · EPSS 0.05124
Exploits 2 · References 9 · Affected Software 4
BDU FSTEC
added 2020/04/22 12:0 a.m. · 1 views

The vulnerability of the `exif_read_data` function in the PHP programming language involves an operation that goes beyond the permissible buffer size limits. This allows attackers to gain unauthorized access to information or cause service failures.

The vulnerability of the exif_read_data function in the PHP programming language is related to the execution of operations that exceed the permissible buffer limits. Exploiting this vulnerability can allow an attacker to gain unauthorized access to information or cause service failures...

CVSS 9.3 · AI score 6.3 · EPSS 0.044
Exploits 2 · References 14 · Affected Software 7
Packet Storm
added 2020/04/21 12:0 a.m. · 149 views

PMB 5.6 SQL Injection

Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...

AI score 0.3
Exploits 0
0day.today
added 2020/04/21 12:0 a.m. · 48 views

PMB 5.6 - (logid) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -====...

AI score 0.3
Exploits 0
Exploit DB
added 2020/04/21 12:0 a.m. · 239 views

PMB 5.6 - 'logid' SQL Injection

Exploit Title: PMB 5.6 - 'logid' SQL Injection Google Dork: inurl:opaccss Date: 2020-04-20 Exploit Author: 41-trk Tarik Bakir Vendor Homepage: http://www.sigb.net Software Link: http://forge.sigb.net/redmine/projects/pmb/files Affected versions : = 5.6 -==== Software Description ====- PMB is a...

AI score 7.4
Exploits 0
Positive Technologies
added 2020/04/14 12:0 a.m. · 3 views

PT-2020-5187 · Php +1

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.29 PHP versions 7.3.x through 7.3.16 PHP versions 7.4.x through 7.4.4 Description: The issue is related to the urldecode function in PHP, which can be exploited to access memory locations past the allocated buff...

CVSS 8.8 · AI score 6.6 · EPSS 0.06264
Exploits 7 · References 63
BDU FSTEC
added 2020/04/14 12:0 a.m. · 2 views

The vulnerability of the fgetss() function in the general-purpose scripting language PHP, which has open source code, relates to reading beyond the buffer boundaries of memory. This allows attackers to gain access to confidential data and also trigger a denial-of-service attack.

The vulnerability of the fgetss function in the general-purpose scripting language PHP, with open source code, is related to a data reading error involving tag stripping. Exploiting this vulnerability can allow an attacker to gain access to confidential data and also cause service failures...

CVSS 9.4 · AI score 6.7 · EPSS 0.07402
Exploits 1 · References 11 · Affected Software 7
RedHat Linux
added 2020/03/31 7:36 p.m. · 2 views

php: Reflected XSS on PHAR 404 page

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...

CVSS 6.1 · AI score 7.2 · EPSS 0.80259
Exploits 0 · References 4
RedHat Linux
added 2020/03/31 7:36 p.m. · 6 views

php: Out-of-bounds read in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in ext/xmlrpc/libxmlrpc/base64.c...

CVSS 7.5 · AI score 7.4 · EPSS 0.0693
Exploits 1 · References 4
CNVD
added 2020/03/28 12:0 a.m. · 2 views

SQL Injection Vulnerability in B2C Single Merchant Mall System

B2C single merchant mall system is a PHP open source e-commerce system designed and developed independently by Shanxi Niu Cool Information Technology Co. The B2C single merchant mall system has an SQL injection vulnerability that attackers can use to obtain sensitive database information...

AI score 7.8
Exploits 0
BDU FSTEC
added 2020/03/27 12:0 a.m. · 1 views

The vulnerability of the exif_read_data function in the PHP programming language, related to reading beyond the buffer boundaries, allows attackers to disclose protected information or cause service failures.

The vulnerability of the exif_read_data function in the PHP programming language arises from an operation that occurs outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to disclose protected information or cause service failures...

CVSS 6.5 · AI score 7 · EPSS 0.07274
Exploits 1 · References 17 · Affected Software 9
CNVD
added 2020/02/11 12:0 a.m. · 3 views

Adive Framework Cross-Site Request Forgery Vulnerability

Adive Framework is a PHP-based MySQL database management framework. A cross-site request forgery vulnerability exists in Adive Framework. The vulnerability stems from a web application that does not adequately validate that a request is coming from a trusted user. An attacker could exploit this...

CVSS 8.8 · AI score 6.8 · EPSS 0.03078
Exploits 5 · References 1
CNVD
added 2020/02/04 12:0 a.m. · 2 views

School Management Software PHP/mySQL CSRF Vulnerability

School Management Software PHP/mySQL is a WEB school ERP management program. A cross-site request forgery vulnerability exists in School Management Software PHP/mySQL 2019-03-14 and prior versions. The vulnerability stems from the WEB application not adequately verifying that requests are coming...

CVSS 6.5 · AI score 6.9 · EPSS 0.01102
Exploits 3 · References 1
CNVD
added 2020/01/13 12:0 a.m. · 4 views

Car Rental Project Remote Code Execution Vulnerability

Car Rental Project is a PHP development project. A remote code execution vulnerability exists in Car Rental Project version 1.0, which can be exploited by attackers to upload malicious files...

CVSS 7.2 · AI score 9.5 · EPSS 0.05808
Exploits 4 · References 1
CNVD
added 2019/12/26 12:0 a.m. · 4 views

Xiuno BBS code issue vulnerability

Xiuno BBS is an open source forum program based on PHP and MySQL. A code issue vulnerability exists in Xiuno BBS version 4.0. The vulnerability stems from improper design or implementation during the code development of a web system or product. No detailed vulnerability details ar...

CVSS 7.5 · AI score 7.2 · EPSS 0.01104
Exploits 1 · References 1
CNVD
added 2019/12/17 12:0 a.m. · 1 views

Remote code execution vulnerability in ECShop backend te***.php file

ECShop is a B2C independent online store system, suitable for enterprises and individuals to quickly build a personalized online store. The system is a cross-platform open source program built on the PHP language and a MYSQL database. ECShop background te***.php file remote code...

AI score 8.7
Exploits 0
CNVD
added 2019/12/12 12:0 a.m. · 2 views

XSS Vulnerability in RGCMS RuiGu Information Management System

RuiGu information management system RGCMS is an open source building management system written in PHP on the Thinkphp5.1.+ framework, with a MYSQL database. RGCMS RuiGu Information Management System has an XSS vulnerability that can be exploited by an attacker t...

AI score 6.4
Exploits 0