Php Exploits
1,332 exploits tracked across all sources.
PHP 5.2.3 - Denial of Service via Invalid Glob Flags Parameter
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initialization for a glob structure.
by shinnai
mkportal 1.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox module; the iden field in the (2) update_file and (3) del_file functions in (b) index.php in the reviews module; the (4) idnews field in the delete_news function and the (5) idcomm field in the del_comment function in (c) index.php in the news module; the (6) idcomm field in the delete_comments function in (d) index.php in the gallery module; the iden field in the (7) edit_file, (8) update_file, and (9) del_file functions in index.php in the gallery module; the (10) ide and (11) cat fields in the slide_update function in index.php in the gallery module; the iden field in the (12) update_file and (13) del_file functions in (d) index.php in the downloads module; and other unspecified vectors.
by Coloss
PHP 5.2.3 - Denial of Service via Long Argument to com_print_typeinfo
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
by shinnai
AV Tutorial Script 1.0 - Unauthenticated Arbitrary Password Change via changePW.php
changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.
by Dj7xpl
MyCMS < 0.9.8 - Remote File Inclusion via games.php id Parameter
PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
by BlackHawk
PNphpBB2 < 1.2i - SQL Injection via viewforum.php order Parameter
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
by Coloss
MyCMS < 0.9.8 - Remote Code Execution via Score Parameter or Login Cookie
Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 and earlier allow remote attackers to inject arbitrary PHP code into (1) a _score.txt file via the score parameter, or (2) a _setby.txt file via a login cookie, which is then included by games.php. NOTE: programs that use games.php might include (a) snakep.php, (b) tetrisp.php, and possibly other site-specific files.
by BlackHawk
MyCMS <0.9.8 - Privilege Escalation
MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via the admin cookie parameter, as demonstrated by a post to admin/settings.php that injects PHP code into settings.inc, which can then be executed via a direct request to index.php.
by BlackHawk
dreamlog 0.5 - Unauthenticated Arbitrary File Upload via upload.php uploadedFile Parameter
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter.
by Dj7xpl
Pluxml 0.3.1 - Unauthenticated Arbitrary File Upload via admin/images.php
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename.
by DarkFig
Simple Invoices 2007 05 25 - SQL Injection via Submit Parameter
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
by Kacper
Pluxml 0.3.1 - Cross-Site Scripting via msg Parameter in admin/auth.php
Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
by DarkFig
Jasmine CMS 1.0 - Authenticated Directory Traversal via u Parameter
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
by Silentz
PHP Tidy Extension - Buffer Overflow via tidy_parse_string or tidy_repair_string
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.
by rgod
Jasmine CMS 1.0 - SQL Injection via Login Username or News Item Parameter
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.
by Silentz
Solar Empire < 2.9.1.1 - SQL Injection via User-Agent HTTP Header
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
by BlackHawk
MiniBB 2.0.5 - Directory Traversal via Language Parameter
Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the language parameter in a register action.
by Dj7xpl
e-vision_cms < 2.02 - SQL Injection via Template Parameter
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
by Silentz
e-vision_cms < 2.02 - Directory Traversal via Adminlang Cookie or Img Parameter
Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and earlier allow remote attackers to (1) include and execute arbitrary local files via a .. (dot dot) in the adminlang cookie to admin/functions.php or (2) read arbitrary local files via the img parameter to admin/show_img.php.
by Silentz
PBLang < 4.67.16.a - Directory Traversal via Lang Parameter
Directory traversal vulnerability in login.php in PBLang (PBL) 4.67.16.a and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.
by Silentz
sendcard < 3.4.1 - Directory Traversal via sc_language Parameter
Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter.
by Silentz
PNphpBB2 < 1.2i - SQL Injection via Index.php c Parameter
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter.
by Kacper
Open Solution Quick.Cart < 2.2 - Directory Traversal via sLanguage Cookie
Directory traversal vulnerability in index.php in Open Solution Quick.Cart 2.2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in an sLanguage cookie, which is used to define a value in config/general.php.
by Kacper
Quick.Cart < 2.2 - Unauthenticated Remote Code Execution via Default Credentials
config/general.php in Quick.Cart 2.2 and earlier uses a default username and password, which allows remote attackers to access the application via a login action to admin.php. NOTE: this can be leveraged to upload and execute arbitrary code.
by Kacper
Revokebb < 1.0_rc4 - SQL Injection via revokebb_user Cookie
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie.
by BlackHawk
By Source