PHP Exploits
1,332 exploits tracked across all sources.
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
by Mehmet Ince
phpSlash <= 0.8.1.1 - Remote Code Execution via Fields Parameter
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.
by DarkFig
PHP <4.4.4, <5.1.6 - Code Injection
PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows local users to modify behavior of other sites hosted on the same web server by modifying the mbstring.func_overload setting within .htaccess, which causes this setting to be applied to other virtual hosts on the same server.
by strategma
PLEs CMS 1.0 beta 4.2 - SQL Injection
SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.
by darkjoker
phpList 2.10.x - Remote Code Execution / Local File Inclusion
by mozi
Community CMS < 0.4 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
PHP-CMS Project 1 - SQL Injection via Username Parameter
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by darkjoker
ITLPoll 2.7 Stable 2 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
by fuzion
Mambo Component com_sim 0.8 - Blind SQL Injection
by Mehmet Ince
Pardal CMS <0.2.0 - SQL Injection
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by darkjoker
Joomla! com_pcchess - SQL Injection
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
by InjEctOr5
Joomla com_waticketsystem - SQL Injection via catid Parameter
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
by InjEctOr5
Joomla com_eventing 1.6.x - SQL Injection via catid Parameter
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
by InjEctOr5
Blue Eye CMS <1.0.0 - SQL Injection
SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the clanek parameter.
by darkjoker
Silentum Uploader 1.4.0 - Remote File Deletion
by Danny Moules
phpMDJ 1.0.3 - 'id_animateur' Blind SQL Injection
by darkjoker
XOOPS 2.3.2 - 'mydirname' PHP Remote Code Execution
by StAkeR
CuteNews 1.4.6 - 'ip ban' Authorized Cross-Site Scripting / Command Execution
by StAkeR
Joomla XStandard - Directory Traversal via X_CMS_LIBRARY_PATH HTTP Header
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header.
by irk4z