PHP Exploits
1,332 exploits tracked across all sources.
Gryphon gllcTS2 4.2.4 - SQL Injection via login.php detail Parameter
SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.
by TheDefaced
Flux CMS < 1.50 - Remote Code Execution via XML Parameter File Overwrite
webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.
by EgiX
Achievo 1.2.0-1.3.2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via MCPUK File Editor
Unrestricted file upload in the mcpuk file editor (atk/attributes/fck/editor/filemanager/browser/mcpuk/connectors/php/config.php) in Achievo 1.2.0 through 1.3.2 allows remote attackers to execute arbitrary code by uploading a file with .php followed by a safe extension, then accessing it via a direct request to the file in the Achievo root directory. NOTE: this is only a vulnerability in environments that support multiple extensions, such as Apache with the mod_mime module enabled.
by EgiX
EasyWay CMS - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
by Lidloses_Auge
FCKeditor - Remote Code Execution via File Upload
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and execute arbitrary PHP code via a file whose name contains ".php." and has an unknown extension, which is recognized as a .php file by the Apache HTTP server, a different vulnerability than CVE-2006-0658 and CVE-2006-2529.
by Stack
PHP Booking Calendar 10 d - 'FCKeditor' Arbitrary File Upload
by Stack
CMS from Scratch 1.1.3 - 'FCKeditor' Arbitrary File Upload
by EgiX
MercuryBoard <= 1.1.5 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
by EgiX
CMS Made Simple <= 1.2.4 - Remote Code Execution via File Upload Bypass
Incomplete blacklist vulnerability in javaUpload.php in Postlet in the FileManager module in CMS Made Simple 1.2.4 and earlier allows remote attackers to execute arbitrary code by uploading a file with a name ending in (1) .jsp, (2) .php3, (3) .cgi, (4) .dhtml, (5) .phtml, (6) .php5, or (7) .jar, then accessing it via a direct request to the file in modules/FileManager/postlet/.
by EgiX
QuickUpCMS - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php.
by Lidloses_Auge
com_datsogallery 1.6 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
by +toxa+
Galleristic 1.0 - SQL Injection via Cat Parameter
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by cOndemned
deluxebb < 1.1 - SQL Injection via forums.php sort Parameter
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
by EgiX
deluxebb < 1.1 - Authenticated PHP Code Injection via admincp.php URI
Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and earlier allows remote authenticated administrators to inject arbitrary PHP code into logs/cp.php via the URI.
by EgiX
KwsPHP 1.3.456 - Path Traversal via Help.php Action Parameter
Directory traversal vulnerability in help.php in the eskuel module in KwsPHP 1.3.456, as available before 20080416, allows remote attackers to execute arbitrary commands via the action parameter. NOTE: some of these details are obtained from third party information.
by Ajax
Mumbojumbo Op4 - SQL Injection
SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by Lidloses_Auge
phpTournois G4 - Arbitrary File Upload / Code Execution
by Charles Fol
FLABER < 1.1 - Arbitrary File Write via update_xml.php target_file Parameter
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP file, as demonstrated using function/upload_file.php.
by EgiX
LinPHA <= 1.3.3 - Unauthenticated Directory Traversal and Arbitrary File Execution via Maps Configuration
plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not require authentication for a settings action that modifies the configuration file, which allows remote attackers to conduct directory traversal attacks and execute arbitrary local files by placing directory traversal sequences into the maps_type configuration setting, and then sending a request to maps_view.php, which causes plugins/maps/map.main.class.php to use the modified configuration.
by EgiX
Drake CMS < 0.2.2.846 - SQL Injection via HTTP_VIA Header
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.
by EgiX