CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

9.4CVSS5.8AI score0.02105EPSS

Exploits0References3

NVD•added 2026/05/09 8:16 p.m.•5 views

CVE-2026-42569

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4CVSS0.02105EPSS

Exploits0References4

ATTACKERKB•added 2026/05/09 7:21 p.m.•2 views

CVE-2026-42569

9.4CVSS5.8AI score0.02105EPSS

Exploits0References5Affected Software1

Cvelist•added 2026/05/09 7:21 p.m.•24 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

9.4CVSS0.02105EPSS

Exploits0References4

Github Security Blog•added 2026/05/04 9:20 p.m.•7 views

phpVMS has an /importer authorization bypass causing full database wipe

Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...

9.4CVSS5.9AI score0.02105EPSS

Exploits0References6Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2013-3459

Malware in sbrugna...

7.5CVSS6.4AI score0.01609EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2012-6399

Malware in sbrugna...

10CVSS6.4AI score0.00331EPSS

Exploits0References3

RedhatCVE•added 2025/05/22 6:8 a.m.•2 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10CVSS7AI score0.00331EPSS

Exploits0References1

seebug.org•added 2014/07/01 12:0 a.m.•9 views

phpVMS Virtual Airline Administration 2.1.934 & 2.1.935 - SQL Injection Vulnerability

No description provided by source...

7.1AI score

Exploits0

NVD•added 2013/05/10 9:55 p.m.•8 views

CVE-2013-3524

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

7.5CVSS8.4AI score0.01609EPSS

Exploits1References7

Prion•added 2013/05/10 9:55 p.m.•9 views

Code injection

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10CVSS7.2AI score0.00331EPSS

Exploits0References2Affected Software1

Prion•added 2013/05/10 9:55 p.m.•10 views

Sql injection

7.5CVSS9.1AI score0.01609EPSS

Exploits1References7Affected Software1

NVD•added 2013/05/10 9:55 p.m.•7 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10CVSS6.6AI score0.00331EPSS

Exploits0References2

CVE•added 2013/05/10 9:0 p.m.•35 views

CVE-2012-6552

CVE-2012-6552 affects the phpVMS package (admin/action.php) in the 2.1.x line, vulnerable before 2.1.935. The description gives no explicit root cause, impact, or attack vectors beyond stating an “unspecified vulnerability” with unknown impact. Public references indicate a security fix was releas...

10CVSS6.8AI score0.00331EPSS

Exploits0References2Affected Software1

Cvelist•added 2013/05/10 9:0 p.m.•12 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

6.6AI score0.00331EPSS

Exploits0References2

Cvelist•added 2013/05/10 9:0 p.m.•14 views

CVE-2013-3524

8.4AI score0.01609EPSS

Exploits1References7

CVE•added 2013/05/10 9:0 p.m.•30 views

CVE-2013-3524

The CVE-2013-3524 entry describes a SQL injection vulnerability in the Pop Up News module (popupnewsitem/) of phpVMS, affecting version 2.0 and possibly earlier. The issue allows remote attackers to modify and retrieve data by injecting SQL through the itemid parameter. CVSS data from NVD indicat...

7.5CVSS8.8AI score0.01609EPSS

Exploits1References7Affected Software1

OpenVAS•added 2013/04/17 12:0 a.m.•17 views

phpVMS Virtual Airline Administration SQL injection Vulnerability

phpVMS is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3AI score

Exploits0References6

exploitpack•added 2013/04/15 12:0 a.m.•28 views

phpVms Virtual Airline Administration 2.1.9342.1.935 - SQL Injection

phpVms Virtual Airline Administration 2.1.9342.1.935 - SQL Injection ============================================================================================================= o phpVMS Virtual Airline Administration = SQL Injection Vulnerability Software : phpVMS Virtual Airline Administration...

0.7AI score

Exploits0

0day.today•added 2013/04/15 12:0 a.m.•26 views

phpVMS Virtual Airline Administration - SQL Injection Vulnerability

phpVMS is the most popular, free, virtual airline software, with support for various ACARS applications kACARS, FSACARS, XAcars, FS Flight Keeper, and FSPassengers, AJAX-driven administration panel, complete with financial reports, schedule management and various other features designed for...

7.1AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by