Php Exploits
1,332 exploits tracked across all sources.
DuxCMS 2.1 - Path Traversal and Arbitrary File Deletion via AdminBackup Endpoint
Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.
by annyshow
DuxCMS 2.1 - Cross-Site Request Forgery via article/admin/content/add
Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.
by annyshow
DuxCMS 2.1 - Cross-Site Scripting in Article Handler
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This affects an unknown part of the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-215115.
by annyshow
DuxCMS 2.1 - Cross-Site Request Forgery
A vulnerability was found in annyshow DuxCMS 2.1. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-215116.
by annyshow
DuxCMS 2.1 - Stored Cross-Site Scripting via Content, Time, or Copyfrom Parameters
Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.
by annyshow
WMCMS v4.4 - Arbitrary File Deletion via DelFile() Function
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
by y1336247431
CVSS 7.5
Dreamer CMS <4.1.3.0 - Path Traversal
A vulnerability was found in Dreamer CMS up to 4.1.3.0. It has been declared as critical. Affected by this vulnerability is the function ZipUtils.unZipFiles of the file controller/admin/ThemesController.java. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-259369 was assigned to this vulnerability.
by y1336247431
CVSS 6.3
Likeshop 2.5.0-2.5.7 - Cross-Site Scripting in Merchandise Handler
A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was assigned to this vulnerability.
by likeshop_1
ideacms < 1.6 - Unrestricted File Upload via saveUpload Function
A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by ideacms_admin
ideacms < 1.7 - SQL Injection via Article/Goods Field Parameter
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
by ideacms_admin
ideacms < 1.7 - SQL Injection via Article/Goods Field Parameter
A vulnerability was found in IdeaCMS up to 1.7 and classified as critical. This issue affects the function Article/Goods of the file /api/v1.index.article/getList.html. The manipulation of the argument Field leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.8 is able to address this issue. The patch is named 935aceb4c21338633de6d41e13332f7b9db4fa6a. It is recommended to upgrade the affected component.
by ideacms_admin
HkCms <= 2.3.2.240702 - Cross-Site Scripting via Search Keyword Parameter
A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
by Hk_Cms
Yifang CMS 2.0.2 - Server-Side Request Forgery via /api/file/getRemoteContent
Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.
by wanglongcn
Yifang CMS < 2.0.2 - Path Traversal via Admin Panel File Download
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
by wanglongcn
Yifang CMS < 2.0.2 - Cross-Site Scripting in Article Management Module
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
by wanglongcn
foxcms 2.0.6 - Path Traversal via DataBackup.php Restores Method
An issue in the restores method (DataBackup.php) of foxcms v2.0.6 allows attackers to execute a directory traversal.
by XinFox
MuYuCMS < 2.7 - Server-Side Request Forgery via Link URL Parameter
A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the component Add Fiend Link Handler. Performing manipulation of the argument Link URL results in server-side request forgery. The attack may be initiated remotely. The exploit has been made public and could be used.
by monst
muyucms < 2.7 - Remote Code Execution in Template Management
A security flaw has been discovered in MuYuCMS up to 2.7. Affected by this issue is some unknown functionality of the file /admin.php of the component Template Management. The manipulation results in code injection. It is possible to launch the attack remotely.
by monst
shanyu SyCms <a242ef2d194e8bb249dc175e7c49f2c1673ec921 - Code Injec...
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
by shanyu
phpok3w < 901d96a06809fb28b17f3a4362c59e70411c933c - SQL Injection via ID Parameter in show.php
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
by 9786
FileZilla < 0.9.21 - Denial of Service via Malformed STOR Command
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
Unclassified NewsBoard <= 1.6.1_patch1 - Directory Traversal via ABBC[Config][smileset] Parameter
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
Sugar Suite < 4.0 beta - Directory Traversal via acceptDecline.php beanFiles Parameter
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
ADOdb for PHP < 4.70 - Unauthenticated SQL Injection via server.php sql Parameter
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
RunCMS < 1.2 - Remote Code Execution via bbPath[path] Parameter
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
By Source