PHP Exploits
1,334 exploits tracked across all sources.
WEBalbum 2.4b - SQL Injection
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mehmet Ince
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
by Mehmet Ince
phpSlash <0.8.1.1 - Code Injection
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
by DarkFig
PHP <4.4.4, <5.1.6 - Code Injection
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
by strategma
PLEs CMS 1.0 beta 4.2 - SQL Injection
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
by darkjoker
phpList 2.10.x - Remote Code Execution / Local File Inclusion
by mozi
Community CMS <0.4 - SQL Injection
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
PHP-CMS Project 1 - SQL Injection
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by darkjoker
ITLPoll 2.7-2 - SQL Injection
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by fuzion
Mambo Component com_sim 0.8 - Blind SQL Injection
by Mehmet Ince
Pardal CMS <0.2.0 - SQL Injection
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
Joomla! com_pcchess - SQL Injection
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
by InjEctOr5
Joomla! - SQL Injection
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
by InjEctOr5
Joomla! 1.6.x - SQL Injection
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by InjEctOr5
Blue Eye CMS <1.0.0 - SQL Injection
SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter.
by darkjoker
Silentum Uploader 1.4.0 - Remote File Deletion
by Danny Moules
phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection
by darkjoker
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
by StAkeR
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
by StAkeR