CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function...

9.3CVSS7.7AI score0.91414EPSS

Exploits5References1

RedhatCVE•added 2019/10/04 8:36 p.m.•20 views

CVE-2008-4687

manageprojpage.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by createfunction within the multisort function in core/utilityapi.php...

9CVSS7.5AI score0.79225EPSS

Exploits4References3

NVD•added 2011/12/29 4:15 a.m.•9 views

CVE-2011-5021

PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service ReDoS filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors...

7.5CVSS6.8AI score0.00239EPSS

Exploits0References1

Prion•added 2011/12/29 4:15 a.m.•12 views

Design/Logic Flaw

7.5CVSS7.3AI score0.00239EPSS

Exploits0References1Affected Software1

NVD•added 2011/12/22 3:29 p.m.•12 views

CVE-2011-4453

The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP createfunction function...

7.5CVSS7.5AI score0.84053EPSS

Exploits12References3

Prion•added 2011/12/22 3:29 p.m.•12 views

Code injection

7.5CVSS8.1AI score0.84053EPSS

Exploits12References3Affected Software1

Cvelist•added 2011/12/22 3:0 p.m.•20 views

CVE-2011-4453

7.5AI score0.84053EPSS

Exploits12References3

Cvelist•added 2009/05/18 6:0 p.m.•18 views

CVE-2009-1677

Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow 1 remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...

7.1AI score0.01793EPSS

Exploits0References5

Prion•added 2009/02/22 10:30 p.m.•10 views

Code injection

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the pregreplace function with the eval switch, ...

6.5CVSS7.9AI score0.16867EPSS

Exploits0References8Affected Software1

Prion•added 2009/02/19 4:30 p.m.•13 views

Unrestricted file upload

Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploadin...

7.5CVSS8.3AI score0.10873EPSS

Exploits3References5Affected Software2

Cvelist•added 2009/02/19 4:0 p.m.•16 views

CVE-2008-6178

7.7AI score0.10873EPSS

Exploits2References5

Cvelist•added 2008/10/22 5:0 p.m.•19 views

CVE-2008-4687

7AI score0.79225EPSS

Exploits4References13

NVD•added 2008/09/18 3:4 p.m.•13 views

CVE-2008-4096

libraries/databaseinterface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to serverdatabases.php with a sortby parameter containing PHP sequences, which are processed by createfunction...

8.5CVSS5.9AI score0.16932EPSS

Exploits1References24

Prion•added 2008/09/18 3:4 p.m.•17 views

Design/Logic Flaw

8.5CVSS7.2AI score0.16932EPSS

Exploits1References24Affected Software1

Prion•added 2008/09/04 6:41 p.m.•7 views

Code injection

9.3CVSS7.9AI score0.91414EPSS

Exploits5References11Affected Software1

NVD•added 2008/09/04 6:41 p.m.•14 views

CVE-2008-3922