12 matches found

RedhatCVE
added 2026/06/05 7:31 p.m. · 9 views

CVE-2026-6909

ATutor is vulnerable to Reflected XSS in the /install/upgrade.php endpoint. An attacker can provide a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The product is no longer actively supported. Maintainers of this project were notified early...

CVSS 5.1 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 1
Debian
added 2026/05/15 10:59 p.m. · 15 views

[SECURITY] [DLA 4586-1] php7.4 security update

Debian LTS Advisory DLA-4586-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin May 16, 2026 https://wiki.debian.org/LTS Package : php7.4 Version : 7.4.33-1+deb11u11 CVE ID : CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7261 CVE-2026-7262 CVE-2026-7568 Debian...

CVSS 9.8 · AI score 6.4 · EPSS 0.00505
Exploits 1
Vulnrichment
added 2025/11/26 12:36 a.m. · 1 views

CVE-2025-66253 Unauthenticated OS Command Injection (start_upgrade.php)

Unauthenticated OS Command Injection start_upgrade.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec allows remote code execution via...

CVSS 9.9 · AI score 8.3 · EPSS 0.02011
Exploits 1 · References 1
RedhatCVE
added 2025/09/25 2:54 a.m. · 5 views

CVE-2025-29084

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...

CVSS 6.5 · AI score 8.7 · EPSS 0.00353
Exploits 1 · References 1
OSV
added 2025/09/23 6:15 p.m. · 3 views

CVE-2025-29084

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...

CVSS 6.5 · AI score 6.2 · EPSS 0.00353
Exploits 1 · References 1
CNNVD
added 2025/09/23 12:0 a.m. · 3 views

CSZCMS security vulnerability

CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0, which stems from unauthenticated input to the execSql function in the Upgrade.php file, which could...

CVSS 6.5 · AI score 7.9 · EPSS 0.00353
Exploits 1 · References 2
Vulnrichment
added 2025/09/23 12:0 a.m. · 3 views

CVE-2025-29084

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...

AI score 8.3 · EPSS 0.00353
Exploits 1 · References 1
CNNVD
added 2021/05/21 12:0 a.m. · 6 views

QibosoftX code injection vulnerability

A code injection vulnerability exists in QibosoftX1 v1.0, which can be exploited by attackers to execute arbitrary PHP code via the client-side upgrade edition.php and upgrade.php...

CVSS 7.2 · AI score 7.6 · EPSS 0.01198
Exploits 1 · References 2
Positive Technologies
added 2009/08/05 12:0 a.m. · 3 views

PT-2009-5082 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 5.2.10 Description: The issue is related to the exif_read_data function in the Exif module, which allows remote attackers to cause a denial of service crash by providing a malformed JPEG image with invalid offset fields...

CVSS 10 · AI score 5.6 · EPSS 0.12041
Exploits 12 · References 54
Gentoo Linux
added 2004/02/07 12:0 a.m. · 10 views

PHP setting leaks from .htaccess files on virtual hosts

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description If the server configuration "php.ini" file has "register_globals = on" and a request is made to one virtual host which has "php_admin_flag...

AI score 0.7
Exploits 0
CERT
added 2002/02/27 12:0 a.m. · 31 views

PHP contains vulnerability in "php_mime_split" function allowing arbitrary code execution

Overview Vulnerabilities in PHP versions 3 and 4 could allow an intruder to execute arbitrary code with the privileges of the web server. Description PHP is a scripting language widely used in web development. PHP can be installed on a variety of web servers, including Apache, IIS, Caudium,...

CVSS 7.5 · AI score 6.8 · EPSS 0.24256
Exploits 0 · References 4
Tenable Nessus
added 2000/09/12 12:0 a.m. · 30 views

PHP File Upload Capability Hidden Form Field Modification Arbitrary File Access

A version of PHP that is older than 3.0.17 or 4.0.3 is running on this host. If a PHP service that allows users to upload files and then display their content is running on this host, an attacker may be able to read arbitrary files from the server. %NASLMINLEVEL 70300 C Tenable Network Security,...

CVSS 5 · AI score 5.6 · EPSS 0.02745
Exploits 1 · References 2