PHP Exploits

1,334 exploits tracked across all sources.

CVE-2008-5308 EXPLOITDB php VERIFIED
LoveCMS 1.6.2 Final - Auth Bypass
The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly restrict access to administrator functions, which allows remote attackers to change the administrator password via a direct request to modules/simpleforum/admin/index.php.
by cOndemned
CVE-2008-6957 EXPLOITDB php VERIFIED
Discuz! - Access Control
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
by 80vul
CVE-2008-5221 EXPLOITDB php VERIFIED
wPortfolio <0.3 - Auth Bypass
The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters.
by G4N0K
CVE-2008-5335 EXPLOITDB php VERIFIED
PHP-Fusion 6.01.15/7.00.1 - SQL Injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
by irk4z
CVE-2008-6308 EXPLOITDB php VERIFIED
Punbb Private Messaging System < 1.2.3 - Path Traversal
Multiple directory traversal vulnerabilities in Private Messaging System (PMS) 1.2.3 and earlier for PunBB allow remote attackers to include and execute arbitrary files via a .. (dot dot) in the pun_user[language] parameter to (1) functions_navlinks.php, (2) header_new_messages.php, (3) profile_send.php, and (4) viewtopic_PM-link.php in include/pms/.
by StAkeR
CVE-2008-6330 EXPLOITDB php VERIFIED
Jaia Interactive Mytopix < 1.3.0 - SQL Injection
SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action.
by cOndemned
CVE-2008-5219 EXPLOITDB php VERIFIED
VideoScript <4.0.1.50 - Auth Bypass
The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters.
by G4N0K
CVE-2008-6933 EXPLOITDB php VERIFIED
Minigal - Path Traversal
Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter.
by Alfons Luja
CVE-2008-6958 EXPLOITDB php VERIFIED
Comsenz Crossday Discuz! Board - Code Injection
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
by 80vul
CVE-2008-6551 EXPLOITDB php VERIFIED
E-vision Cms < 2.02 - Path Traversal
Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) an adminlang cookie to admin/ind_ex.php; or the module parameter to (2) 3rdparty/adminpart/add3rdparty.php, (3) polling/adminpart/addpolling.php, (4) contact/adminpart/addcontact.php, (5) brandnews/adminpart/addbrandnews.php, (6) newsletter/adminpart/addnewsletter.php, (7) game/adminpart/addgame.php, (8) tour/adminpart/addtour.php, (9) articles/adminpart/addarticles.php, (10) product/adminpart/addproduct.php, or (11) plain/adminpart/addplain.php in modules/.
by StAkeR
CVE-2008-5000 EXPLOITDB php VERIFIED
Phpx - SQL Injection
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
by StAkeR
CVE-2008-6657 EXPLOITDB php VERIFIED
Simple Machines Forum - CSRF
Cross-site request forgery (CSRF) vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote attackers to hijack the authentication of admins for requests that install packages via the package parameter in an install2 action.
by Charles Fol
CVE-2008-6658 EXPLOITDB php VERIFIED
Simple Machines Forum - Path Traversal
Directory traversal vulnerability in index.php in Simple Machines Forum (SMF) 1.0 before 1.0.15 and 1.1 before 1.1.7 allows remote authenticated administrators to install packages from arbitrary directories via a .. (dot dot) in the package parameter during an install2 action, as demonstrated by a predictable package filename in attachments/ that was uploaded through a post2 action to index.php.
by Charles Fol
CVE-2008-4902 EXPLOITDB php VERIFIED
Scripts Frenzy Article Publisher Pro - SQL Injection
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
by Stack
CVE-2008-6165 EXPLOITDB php VERIFIED
Easy-script Cspartner - SQL Injection
SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.
by StAkeR
CVE-2008-6178 EXPLOITDB php VERIFIED
Fckeditor - Code Injection
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded by a ZIP header, uploading this file via a FileUpload action with the application/zip content type, and then accessing this file via a direct request to the file in UserFiles/File/, probably a related issue to CVE-2005-4094. NOTE: some of these details are obtained from third party information.
by EgiX
CVE-2008-4628 EXPLOITDB php VERIFIED
Mywebland Minibloggie - SQL Injection
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
by StAkeR
CVE-2008-6805 EXPLOITDB php VERIFIED
Micgr Mic Blog - SQL Injection
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
by StAkeR
CVE-2008-4732 EXPLOITDB php VERIFIED
Pressography WP Comment Remix Plugin < 1.4.3 - SQL Injection
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.
by g30rg3_x
CVE-2008-4645 EXPLOITDB php VERIFIED
Phpwebgallery < 1.7.2 - Code Injection
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
by EgiX
CVE-2007-2556 EXPLOITDB php VERIFIED
Nuked-klaN <1.7.6 - SQL Injection
SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, as demonstrated by a request to the /nk/ URI.
by Charles Fol
CVE-2008-5966 EXPLOITDB php VERIFIED
Globsy <1.0 - Code Injection
globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.
by StAkeR
CVE-2008-5708 EXPLOITDB php VERIFIED
SlimCMS 1.0.0 - Open Redirect
redirect.php in SlimCMS 1.0.0 does not require authentication, which allows remote attackers to create administrative users by using the newusername and newpassword parameters and setting the newisadmin parameter to 1.
by StAkeR
CVE-2008-5663 EXPLOITDB php VERIFIED
Kusaba <1.0.4 - RCE
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
by Sausage
CVE-2008-6163 EXPLOITDB php VERIFIED
Openx - SQL Injection
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
by d00m3r4ng