PHP Exploits

1,334 exploits tracked across all sources.

EIP-2026-108544 EXPLOITDB php VERIFIED
Joomla! Component com_simpleswfupload - 'uploadhandler.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-112646 EXPLOITDB php
TheBlog 2.0 - Multiple Vulnerabilities
by WhiteCollarGroup
EIP-2026-108752 EXPLOITDB php VERIFIED
Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload
by KedAns-Dz
EIP-2026-105025 EXPLOITDB php VERIFIED
Agora-Project 2.12.11 - Arbitrary File Upload
by Misa3l
EIP-2026-113652 EXPLOITDB php
WordPress Plugin Content Flow 3D 1.0.0 - Arbitrary File Upload
by g11tch
CVE-2012-3576 EXPLOITDB php VERIFIED
Jquindlen Wpstorecart < 2.5.29 - Access Control
Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/wpstorecart.
by Sammy FORGIT
CVE-2012-3575 EXPLOITDB php VERIFIED
Rbx Gallery - Access Control
Unrestricted file upload vulnerability in uploader.php in the RBX Gallery plugin 2.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/rbxslider.
by Sammy FORGIT
CVE-2012-10064 EXPLOITDB CRITICAL php VERIFIED
Omni Secure Files <0.1.14 - RCE
Omni Secure Files plugin versions prior to 0.1.14 contain an arbitrary file upload vulnerability in the bundled plupload example endpoint. The /wp-content/plugins/omni-secure-files/plupload/examples/upload.php handler allows unauthenticated uploads without enforcing safe file type restrictions, enabling an attacker to place attacker-controlled files under the plugin's uploads directory. This can lead to remote code execution if a server-executable file type is uploaded and subsequently accessed.
by Adrien Thierry
EIP-2026-114175 EXPLOITDB php VERIFIED
WordPress Plugin VideoWhisper Video Presentation 3.17 - 'vw_upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113771 EXPLOITDB php VERIFIED
WordPress Plugin Front End Upload 0.5.3 - Arbitrary File Upload
by Adrien Thierry
CVE-2012-3578 EXPLOITDB php VERIFIED
Wordpress Fcchat Widget < 2.2.13.1 - Access Control
Unrestricted file upload vulnerability in html/Upload.php in the FCChat Widget plugin 2.2.13.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in html/images.
by Sammy FORGIT
EIP-2026-111175 EXPLOITDB php VERIFIED
PHPNet 1.8 - 'ler.php' SQL Injection
by WhiteCollarGroup
CVE-2012-3574 EXPLOITDB php VERIFIED
Tbelmans MM Forms Community - Unrestricted File Upload
Unrestricted file upload vulnerability in includes/doajaxfileupload.php in the MM Forms Community plugin 2.2.5 and 2.2.6 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/temp.
by Sammy FORGIT
EIP-2026-113779 EXPLOITDB php VERIFIED
WordPress Plugin Gallery 3.06 - Arbitrary File Upload
by Sammy FORGIT
CVE-2012-3814 EXPLOITDB php VERIFIED
Pippin Williamson Font Uploader - Access Control
Unrestricted file upload vulnerability in font-upload.php in the Font Uploader plugin 1.2.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a .php.ttf extension, then accessing it via a direct request to the file in font-uploader/fonts.
by Sammy FORGIT
EIP-2026-112259 EXPLOITDB php VERIFIED
SN News 1.2 - 'visualiza.php' SQL Injection
by WhiteCollarGroup
CVE-2012-10027 EXPLOITDB CRITICAL php VERIFIED
WP-Property <1.35.0 - RCE
WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a temporary directory without authentication, leading to remote code execution.
by Sammy FORGIT
CVE-2012-10026 EXPLOITDB CRITICAL php VERIFIED
Asset-Manager <2.0 - RCE
The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types, allowing remote attackers to upload malicious PHP scripts to a predictable temporary directory. Once uploaded, the attacker can execute the file via a direct HTTP GET request, resulting in remote code execution under the web server’s context.
by Sammy FORGIT
EIP-2026-113881 EXPLOITDB php VERIFIED
WordPress Plugin Marketplace Plugin 1.5.0 < 1.6.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113812 EXPLOITDB php VERIFIED
WordPress Plugin HTML5 AV Manager 0.2.7 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-113796 EXPLOITDB php VERIFIED
WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities
by Sammy FORGIT
EIP-2026-113768 EXPLOITDB php VERIFIED
WordPress Plugin Foxypress 0.4.1.1 < 0.4.2.1 - Arbitrary File Upload
by Sammy FORGIT
EIP-2026-109520 EXPLOITDB php VERIFIED
Mnews 1.1 - 'view.php' SQL Injection
by WhiteCollarGroup
EIP-2026-113964 EXPLOITDB php VERIFIED
WordPress Plugin Picturesurf Gallery - 'upload.php' Arbitrary File Upload
by Sammy FORGIT
EIP-2026-104659 EXPLOITDB php
PHP 5.3.10 - 'spl_autoload_register()' Local Denial of Service
by Yakir Wizman