23 matches found

Nuclei
added yesterday | 6 views

phpVMS < 7.0.6 - Legacy Importer Authorization Bypass

phpVMS 7.0.6 contains an authentication bypass caused by unauthenticated access to a legacy import feature, letting unauthenticated attackers access restricted functionality, exploit requires no special privileges. id: CVE-2026-42569 info: name: phpVMS 7.0.6 - Legacy Importer Authorization Bypass...

9.4 CVSS | 5.8 AI score | 0.01173 EPSS
Exploits: 1 | References: 3

Packet Storm
added 2026/06/09 12:00 a.m. | 33 views

phpVMS 7.0.5 Unauthenticated Import Endpoint Bypass

Proof of concept targeting phpVMS versions 7.0.5 and below. It scans multiple importer-related endpoints, attempts POST-based actions that simulate or trigger destructive operations such as import, delete, and database wipe behaviors, and classifies a target as vulnerable based on HTTP responses...

9.4 CVSS | 5.4 AI score | 0.01173 EPSS
Exploits: 1

NVD
added 2026/05/09 8:16 p.m. | 14 views

CVE-2026-42569

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4 CVSS | 0.01173 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/05/09 7:21 p.m. | 5 views

CVE-2026-42569

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4 CVSS | 5.8 AI score | 0.01173 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/05/09 7:21 p.m. | 32 views

CVE-2026-42569 phpvms: /importer authorization bypass causing full database wipe

phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6...

9.4 CVSS | 0.01173 EPSS
Exploits: 1 | References: 4

GitHub Security Blog
added 2026/05/04 9:20 p.m. | 13 views

phpVMS has an /importer authorization bypass causing full database wipe

Security Advisory: Unauthenticated Access to Legacy Import Feature Severity: Critical Affected versions: phpVMS 7.x up to 7.0.5 Fixed in: v7.0.6 Component: Legacy importer Summary A critical vulnerability in phpVMS 7.x allowed unauthenticated access to a legacy import feature. Although this featu...

9.4 CVSS | 5.9 AI score | 0.01173 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2012-6399

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.01669 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2013-3459

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.02567 EPSS
Exploits: 1 | References: 8

RedhatCVE
added 2025/05/22 6:08 a.m. | 3 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10 CVSS | 7 AI score | 0.01669 EPSS
Exploits: 0 | References: 1

seebug.org
added 2014/07/01 12:00 a.m. | 10 views

phpVMS Virtual Airline Administration 2.1.934 & 2.1.935 - SQL Injection Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0

NVD
added 2013/05/10 9:55 p.m. | 17 views

CVE-2013-3524

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

7.5 CVSS | 8.4 AI score | 0.02567 EPSS
Exploits: 1 | References: 7

Prion
added 2013/05/10 9:55 p.m. | 13 views

Code injection

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10 CVSS | 7.2 AI score | 0.01669 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2013/05/10 9:55 p.m. | 14 views

SQL injection

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

7.5 CVSS | 9.1 AI score | 0.02567 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

NVD
added 2013/05/10 9:55 p.m. | 12 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

10 CVSS | 6.6 AI score | 0.01669 EPSS
Exploits: 0 | References: 2

Cvelist
added 2013/05/10 9:00 p.m. | 19 views

CVE-2012-6552

Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors...

6.6 AI score | 0.01669 EPSS
Exploits: 0 | References: 2

CVE
added 2013/05/10 9:00 p.m. | 35 views

CVE-2013-3524

The CVE-2013-3524 entry describes a SQL injection vulnerability in the Pop Up News module (popupnewsitem/) of phpVMS, affecting version 2.0 and possibly earlier. The issue allows remote attackers to modify and retrieve data by injecting SQL through the itemid parameter. CVSS data from NVD indicat...

7.5 CVSS | 8.8 AI score | 0.02567 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2013/05/10 9:00 p.m. | 23 views

CVE-2013-3524

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS...

8.4 AI score | 0.02567 EPSS
Exploits: 1 | References: 7

CVE
added 2013/05/10 9:00 p.m. | 37 views

CVE-2012-6552

CVE-2012-6552 affects the phpVMS package (admin/action.php) in the 2.1.x line, vulnerable before 2.1.935. The description gives no explicit root cause, impact, or attack vectors beyond stating an “unspecified vulnerability” with unknown impact. Public references indicate a security fix was releas...

10 CVSS | 6.8 AI score | 0.01669 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

OpenVAS
added 2013/04/17 12:00 a.m. | 17 views

phpVMS Virtual Airline Administration SQL injection Vulnerability

phpVMS is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.3 AI score
Exploits: 0 | References: 6

exploitpack
added 2013/04/15 12:00 a.m. | 29 views

phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection

phpVms Virtual Airline Administration 2.1.934/2.1.935 - SQL Injection. phpVMS Virtual Airline Administration: SQL Injection Vulnerability. Software: phpVMS Virtual Airline Administration...

0.7 AI score
Exploits: 0