Php Exploits
1,331 exploits tracked across all sources.
Haxtheweb Haxcms-php < 26.0.0 - Remote Code Execution
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The application constructs shell command strings using unsanitized input and executes them via proc_open(). An attacker who can control parameters passed into Git operations can execute arbitrary OS commands with the privileges of the web server. Out of 17 functions that invoke shell commands only 1 function (`commit()`) correctly uses `escapeshellarg()`. When combined with another vulnerability that allows configuration manipulation, this issue can lead to full remote code execution and complete system compromise. Version 26.0.0 patches the issue.
by shreyas-challa
Contest Gallery Plugin <28.1.4 - SQL Injection
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in all versions up to, and including, 28.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability's ’cgLostPasswordEmail’ parameter was patched in version 28.1.4, and the ’cgl_mail’ parameter was patched in version 28.1.5.
by carlosalbertotuma
CVSS 7.5
NGINX Open Source 1.29.4-1.30.0 and >=1.31.0 - HTTP/2 Request Smuggling via proxy_set_body
When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and payload bytes to the upstream peer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
by ikarolaborda
CVSS 5.8
Docker Desktop - Privilege Escalation
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with or without Enhanced Container Isolation (ECI) enabled, and with or without the "Expose daemon on tcp://localhost:2375 without TLS" option enabled.
This can lead to execution of a wide range of privileged commands to the engine API, including controlling other containers, creating new ones, managing images etc. In some circumstances (e.g. Docker Desktop for Windows with WSL backend) it also allows mounting the host drive with the same privileges as the user running Docker Desktop.
by c0gnit00
Firefox < 126 and ESR < 115.11 - Arbitrary JavaScript Execution in PDF.js via Missing Type Check
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
by xiaoqiesec0x1
CVSS 8.8
Gym-Management-System-PHP 1.0 - SQL Injection
Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key' parameters in (2) secure_login.php, and the 'login_id', 'pwfield', and 'login_key' parameters in (3) change_s_pwd.php. An unauthenticated or authenticated attacker can exploit these issues to bypass authentication, execute arbitrary SQL commands, modify database records, delete data, or escalate privileges to administrator level.
by sivaadityacoder
CVSS 9.8
GYM-MANAGEMENT-SYSTEM 1.0 - Unauthenticated SQL Injection via Name/ID Parameters
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) member_search.php, (2) trainer_search.php, and (3) gym_search.php, and via the 'id' parameter in (4) payment_search.php. An unauthenticated remote attacker can exploit these issues to inject malicious SQL commands, leading to unauthorized data extraction, authentication bypass, or modification of database contents.
by sivaadityacoder
CVSS 9.4
FastAdmin V1.0.0.20180417_beta - XSS
An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS via the application\api\controller\User.php avatar parameter.
by karson
PbootCMS 1.0.9 - SQL Injection via ParserController.php scode Parameter
An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.
by hnaoyun
CRMEB 3.1.0+ - Unrestricted Upload of File with Dangerous Type via UploadService.php
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
by honor8
CRMEB 3.1.0+ - Server-Side Request Forgery via CopyTaobao.php
In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side Request Forgery). The vulnerable code is in file /crmeb/app/admin/controller/store/CopyTaobao.php.
by honor8
Guangdong Pythagorean OA Office System <4.50.31 - CSRF
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.
by gougufree
Guangdong Pythagorean OA Office System <4.50.31 - XSS
A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467.
by gougufree
funadmin < 3.2.3 - Cross-Site Scripting via tagLoad Function in Cx.php
A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability.
by funcmf
IBOS 4.5.4 - Cross-Site Scripting via Email Body Content Parameter
In IBOS 4.5.4 the email function has a cross site scripting (XSS) vulnerability in emailbody[content] parameter.
by ibos
IBOS 4.5.4 Open - OS Command Injection via Database Backup
In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerability.
by ibos
IBOS 4.5.4 Open - Arbitrary File Inclusion via CronController.php
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
by ibos
ibos < 4.5.5 - Cross-Site Scripting via accesstoken Parameter
A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.
by ibos
07FLY CRM < 1.2.0 - Cross-Site Scripting in User Profile Handler
A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.
by 07fly
phpcms V9.6.3 - Reflected Cross-Site Scripting
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
by phpcms
gougucms v4.08.18 - Password Reset Poisoning via Crafted Packet
gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet.
by gougufree
gougucms 4.08.18 - Stored Cross-Site Scripting via headimgurl Parameter
A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter.
by gougufree
Pear Admin Think <= 2.1.2 - Remote Code Execution via File Upload
Pear Admin Think through 2.1.2 has an arbitrary file upload vulnerability that allows attackers to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
by Jmysy
pear_admin_think 2.1.2 - SQL Injection via Crud.php GET Request
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.
by Jmysy
Shirne CMS 1.2.0 - Path Traversal via UEditor Controller
An issue was discovered in Shirne CMS 1.2.0. There is a Path Traversal vulnerability which could cause arbitrary file read via /static/ueditor/php/controller.php
by shirne
By Source