Php Exploits

1,332 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-0789 EXPLOITDB php VERIFIED
PHP < 5.3.9 - Denial of Service via strtotime Timezone Parsing
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
by anonymous
CVE-2011-5135 EXPLOITDB php VERIFIED
DoceboLMS < 4.0.4 - Authenticated SQL Injection via coursereportuiconfig Parameters
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.
by mr_me
CVE-2011-10013 EXPLOITDB CRITICAL php VERIFIED
Traq Project Issue Tracking System 2.0-2.3 - Unauthenticated Remote Code Execution via Admin Plugin Injection
Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code.
by EgiX
CVE-2011-5130 EXPLOITDB php VERIFIED
Family Connections CMS 2.5.0-2.7.1 - Remote Code Execution via dev/less.php argv[1] Parameter
dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.
by mr_me
CVE-2010-4804 EXPLOITDB php
Android < 2.3.4 - Unauthorized SD Card Data Exposure via Crafted Content URIs
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
by Thomas Cannon
CVE-2011-4825 EXPLOITDB php
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by Adel SBM
CVE-2011-4453 EXPLOITDB php VERIFIED
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
by EgiX
CVE-2011-4337 EXPLOITDB php
Support Incident Tracker 3.45-3.65 - Remote Code Execution via Lang Parameter in translate.php
Static code injection vulnerability in translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to inject arbitrary PHP code into an executable language file in the i18n directory via the lang variable.
by EgiX
CVE-2011-5075 EXPLOITDB php
Support Incident Tracker 3.45-3.65 - Information Disclosure via translate.php save action
translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installation path.
by EgiX
EIP-2026-114292 EXPLOITDB php VERIFIED
WordPress Plugin Zingiri 2.2.3 - 'ajax_save_name.php' Remote Code Execution
by EgiX
CVE-2011-4825 EXPLOITDB php VERIFIED
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
CVE-2011-4825 EXPLOITDB php VERIFIED
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
CVE-2011-4825 EXPLOITDB php VERIFIED
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
CVE-2011-3336 EXPLOITDB HIGH php VERIFIED
PHP 5.3.0-5.3.9 - Denial of Service via Stack Exhaustion in regcomp
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
by Maksymilian Arciemowicz
CVSS 7.5
EIP-2026-116015 EXPLOITDB php VERIFIED
Oracle DataDirect ODBC Drivers - HOST Attribute 'arsqls24.dll' Stack Buffer Overflow (PoC)
by rgod
CVE-2011-4075 EXPLOITDB php VERIFIED
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
by EgiX
CVE-2006-4278 EXPLOITDB php
SportsPHool 1.0 - Remote File Inclusion via mainnav Parameter
PHP remote file inclusion vulnerability in includes/layout/plain.footer.php in SportsPHool 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the mainnav parameter.
by cr4wl3r
EIP-2026-106530 EXPLOITDB php
Dolphin 7.0.7 - 'member_menu_queries.php' Remote PHP Code Injection
by EgiX
EIP-2026-107066 EXPLOITDB php
Feed on Feeds 0.5 - Remote PHP Code Injection
by EgiX
CVE-2012-0788 EXPLOITDB php VERIFIED
PHP < 5.3.9 - Denial of Service via PDORow and Session Interaction
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.
by anonymous
EIP-2026-108034 EXPLOITDB php
JAKCMS PRO 2.2.5 - Arbitrary File Upload
by EgiX
EIP-2026-102512 EXPLOITDB php VERIFIED
Nortel Contact Recording Centralized Archive 6.5.1 - SQL Injection
by rgod
CVE-2011-4535 EXPLOITDB php VERIFIED
TurboPower Abbrevia < 3.05 - Buffer Overflow via Crafted ZIP File
Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ScadaPhone 5.3.11.1230 and earlier, ScadaTEC ModbusTagServer 4.1.1.81 and earlier, and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP file.
by mr_me
CVE-2007-3068 EXPLOITDB php
DVD X Player 4.1 Professional - Stack-Based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
by Rew
EIP-2026-106152 EXPLOITDB php
Contrexx ShopSystem 2.2 SP3 - 'catId' Blind SQL Injection
by Penguin
By Source
All 1,332 Writeup 62,156 Exploitdb 50,122 Nomisec 22,370 Github 3,576 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 475 Gitee 415 Patchapalooza 312
By Language
text 31,432 python 6,545 ruby 6,001 c 3,624 perl 2,849 html 2,074 php 1,332 bash 462 java 370 c++ 259 javascript 228 shell 131 go 72 postscript 25 typescript 25