PHP Exploits
1,334 exploits tracked across all sources.
PHP < 5.3.13 - Denial of Service
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted parameter value.
by 0x721427D8
WordPress Plugin Post Recommendations - 'abspath' Remote File Inclusion
by Sammy FORGIT
TikiWiki CMS/Groupware < 8.2 - Information Disclosure
TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to obtain the installation path via a direct request to (1) admin/include_calendar.php, (2) tiki-rss_error.php, or (3) tiki-watershed_service.php.
by EgiX
TikiWiki CMS/Groupware < 6.7 LTS & < 8.4 - RCE
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function.
by EgiX
CVSS 9.8
GetSimple CMS Items Manager Plugin - 'PHP.php' Arbitrary File Upload
by Sammy FORGIT
JAKCMS PRO 2.2.6 - 'uploader.php' Arbitrary File Upload
by Sammy FORGIT
PHP-Fusion Advanced MP3 Player Infusion - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Drupal Module Drag & Drop Gallery 6.x-1.5 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user controlled input which allows remote attackers to execute arbitrary PHP code.
by EgiX
CVSS 9.8
e107 Hupsi_fancybox Plugin - 'Uploadify.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin LB Mixed Slideshow - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Multiple WordPress Themes - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Zingiri Web Shop 2.4.3 - 'uploadfilexd.php' Arbitrary File Upload
by Sammy FORGIT
WordPress Plugin Invit0r - 'ofc_upload_image.php' Arbitrary File Upload
by Sammy FORGIT
Zimplit CMS 3.0 - Local File Inclusion / Arbitrary File Upload
by KedAns-Dz
WordPress Plugin HD FLV Player - 'uploadVideo.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component mod_jfancy - 'script.php' Arbitrary File Upload
by Sammy FORGIT
XOOPS Cube PROJECT FileManager - 'xupload.php' Arbitrary File Upload
by KedAns-Dz
WordPress Plugin Contus Video Gallery - 'upload1.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component mod_artuploader - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component Easy Flash Uploader - 'helper.php' Arbitrary File Upload
by Sammy FORGIT
Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload
by Sammy FORGIT