122 matches found
CVE-2019-14771
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 allows the upload of entire-site configuration archives through the user interface or command line. It does not sufficiently check uploaded archives for invalid data, potentially allowing non-configuration scripts to be uploaded to the...
CVE-2015-9479
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php...
php: Stream HTTP wrapper header check might omit basic auth header
A flaw was found in PHP. This vulnerability allows certain headers to be either not sent or misinterpreted due to insufficient validation of the end-of-line characters via user-supplied headers...
WordPress plugin Material Dashboard security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PHP security vulnerability
PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP versions prior to 8.3.19 and prior to 8.4.5, which stems from a code sequence involving the set handler or the ??= operators and exceptions in a code sequence could lead to a post-release...
OESA-2025-1306 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
WordPress plugin Allow PHP Execute code injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code injection vulnerability exists in...
Daily Expense Tracker System SQL Injection Vulnerability (CNVD-2025-31004)
Daily Expense Tracker System is a PHP and MySQL based daily expense tracking system. Daily Expense Tracker System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the dateexpense parameter in /dets/add-expense.php. No details ...
DEBIAN-CVE-2024-13723
The "NagVis" component within Checkmk is vulnerable to remote code execution. An authenticated attacker with administrative level privileges is able to upload a malicious PHP file and modify specific settings to execute the contents of the file as PHP...
Drupal security vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Registration role prior to version 2.0.1, which stems from the inclusion of a privilege assignment error vulnerability...
emlog code injection vulnerability
emlog is a PHP and MySQL based CMS site-building system from an individual developer. A code injection vulnerability exists in emlog 2.4.1 and previous versions; the vulnerability stems from the manipulation of the keyword parameter in the /admin/tag.php file leading to cross-site scripting attacks...
PHP security vulnerability
PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP that stems from URIs that are not properly cleaned. The following versions are affected: versions 8.1. through 8.1.31, 8.2. through 8.2.26, and 8.3. through 8.3.14...
PHP security vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from the possibility of contaminating the final log or removing up to four characters from a log message by manipulating the contents of the log message...
PHP security vulnerability
PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP that stems from incorrect parsing of multipart form data contained in an HTTP POST request, which could result in legitimate data not being processed, thereby compromising data integrity...
PHP security vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.30, prior to 8.2.24, and prior to 8.3.12, which stems from a flaw in the configuration directive cgi.force_redirect, which in certain uncommon configurations could all...
Z-BlogPHP security vulnerability
Z-BlogPHP is an open source PHP-based blogging system for the Z-blog community. Z-BlogPHP suffers from a cross-site scripting vulnerability that can be exploited by an attacker to execute arbitrary web script or HTML via a crafted payload...
PHP Security Vulnerabilities
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from vulnerability to Marvin attacks...
CVE-2024-29184 FreeScout Stored XSS to Privilege Escalation After CSP Bypass
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the...
Cups Easy cross-site scripting vulnerability
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the itemidy parameter on the /cupseasylive/stocktransactionslist.php page. An attacker...
WordPress plugin WP Mail Log security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability in the WordPress...