PHP Exploits

1,334 exploits tracked across all sources.

EIP-2026-118638 EXPLOITDB php VERIFIED
Home FTP Server 1.11.1.149 - 'RETR'/'DELE'/'RMD' Directory Traversal
by Yakir Wizman
EIP-2026-111795 EXPLOITDB php
RoSPORA 1.5.0 - Remote PHP Code Injection
by EgiX
EIP-2026-114605 EXPLOITDB php VERIFIED
ZenPhoto - Config Update / Command Execution
by Abysssec
EIP-2026-108046 EXPLOITDB php
java Bridge 5.5 - Directory Traversal
by Saxtor
EIP-2026-105558 EXPLOITDB php VERIFIED
BlueCMS 1.6 - 'x-forwarded-for' Header SQL Injection
by cnryan
EIP-2026-110243 EXPLOITDB php
Open-Realty 2.5.7 - Local File Disclosure
by Nikola Petrov
CVE-2010-4931 EXPLOITDB php
PHP-Fusion - Path Traversal
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party.
by MoDaMeR
EIP-2026-106031 EXPLOITDB php
CMSQLite 1.2 / CMySQLite 1.3.1 - Remote Code Execution
by BlackHawk
EIP-2026-109018 EXPLOITDB php
kleeja 1.0.0RC6 - Database Disclosure
by indoushka
CVE-2010-3029 EXPLOITDB php VERIFIED
PHPKick 0.8 - SQL Injection
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action.
by garwga
EIP-2026-105334 EXPLOITDB php
AWCM CMS - Local File Inclusion
by SwEET-DeViL
EIP-2026-113240 EXPLOITDB php
WebAsys - Blind SQL Injection
by zsh.shell
EIP-2026-108947 EXPLOITDB php VERIFIED
JV2 Folder Gallery 3.1.1 - 'popup_slideshow.php' Multiple Vulnerabilities
by eidelweiss
EIP-2026-107684 EXPLOITDB php
hustoj - 'FCKeditor' Arbitrary File Upload
by eidelweiss
CVE-2010-2042 EXPLOITDB php
Shopex Ecshop - SQL Injection
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.
by Jannock
EIP-2026-105725 EXPLOITDB php
cardinalCMS 1.2 - 'FCKeditor' Arbitrary File Upload
by Ma3sTr0-Dz
EIP-2026-107935 EXPLOITDB php
Invision Power Board 3.0.1 - SQL Injection
by Cryptovirus
EIP-2026-115162 EXPLOITDB php VERIFIED
Dolphin 2.0 - '.elf' Local Denial of Service
by Yakir Wizman
CVE-2004-1315 EXPLOITDB php
phpBB 2.x <2.0.11 - RCE
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
by Michael Brooks
EIP-2026-116889 EXPLOITDB php VERIFIED
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow
by mr_me
EIP-2026-109030 EXPLOITDB php VERIFIED
Knowledgeroot (fckeditor) - Arbitrary File Upload
by eidelweiss
CVE-2010-1866 EXPLOITDB CRITICAL php VERIFIED
PHP < 5.3.2 - Integer Overflow
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow in the chunk size decoder.
by Stefan Esser
CVSS 9.8
EIP-2026-111412 EXPLOITDB php VERIFIED
Portaneo Portal 2.2.3 - Arbitrary File Upload
by eidelweiss
EIP-2026-117116 EXPLOITDB php VERIFIED
Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow
by mr_me
EIP-2026-111040 EXPLOITDB php VERIFIED
phpegasus 0.1.2 - 'FCKeditor' Arbitrary File Upload
by eidelweiss