764 matches found
EUVD-2023-30339
Malicious code in bioql PyPI...
EUVD-2023-3247
Malicious code in bioql PyPI...
EUVD-2024-33186
Malicious code in bioql PyPI...
EUVD-2023-3185
Malicious code in bioql PyPI...
EUVD-2024-35534
Malicious code in bioql PyPI...
CVE-2025-34081
The Contec Co.,Ltd. CONPROSYS HMI System CHS exposes a PHP phpinfo debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS HMI System CHS: before 3.7.7...
Contec CONPROSYS HMI System 安全漏洞
Contec CONPROSYS HMI System is an HMI Human Machine Interface/SCADA Supervisory Control and Data Acquisition software product based on HTML5 technology from Contec Japan. A security vulnerability exists in Contec CONPROSYS HMI System versions prior to 3.7.7, which originates from an unauthenticat...
PT-2025-27566 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System CHS versions prior to 3.7.7 Description: The issue concerns the exposure of a PHP phpinfo debug page to unauthenticated users, potentially containing sensitive data useful for an attacker. Recommendations: For versions...
CVE-2024-35776
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo WP.This issue affects phpinfo WP: from n/a through 5.0...
CVE-2024-44820
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/Ebak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo function, which exposes detailed information about the PHP...
CVE-2024-10588
The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from...
CVE-2023-49282
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...
CVE-2023-26542
Cross-Site Request Forgery CSRF vulnerability in Exeebit phpinfo WP plugin = 4.0 versions...
CVE-2023-39677
MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php...
CVE-2023-46042
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo...
CVE-2021-37704
PhpFastCache is a high-performance backend cache system packagist package phpfastcache/phpfastcache. In versions before 6.1.5, 7.1.2, and 8.0.7 the phpinfo can be exposed if the /vendor is not protected from public access. This is a rare situation today since the vendor directory is often located...
CVE-2020-26150
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
CVE-2013-2744
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function...
CVE-2018-20608
imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI...
CVE-2002-1954
Cross-site scripting XSS vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php...