PHP Exploits
1,333 exploits tracked across all sources.
JaxUltraBB 2.0 - Remote Code Execution via delete.php contents parameter
Direct static code injection vulnerability in delete.php in JaxUltraBB (JUBB) 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script, HTML, or PHP via the contents parameter, whose value is prepended to the file specified by the forum parameter.
by Kacper
PH Pexplorer < 0.24 - Directory Traversal via Language Cookie
Directory traversal vulnerability in explorer_load_lang.php in PH Pexplorer 0.24 allows remote attackers to include arbitrary local files via ".." sequences in the Language cookie, as demonstrated by uploading a .gif file that contains PHP code.
by Kacper
David Bennett PHP-Post < 1.0 - Path Traversal
Directory traversal vulnerability in footer.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to read and include arbitrary local files via a .. (dot dot) sequence in the template parameter. NOTE: this was later reported to affect 1.0.1, and demonstrated for code execution by uploading and accessing an avatar file.
by Kacper
YapBB < 1.2_beta2 - Remote File Inclusion via GLOBALS[include_Bit] Parameter
PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter.
by Kacper
WSN Forum < 1.3.4 - Remote Code Execution via Avatar Image Path Manipulation
WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability.
by Kacper
Simplog 0.9.3.1 - SQL Injection via cid Parameter
SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by w4ck1ng
Comdev One Admin Pro 4.1 - Remote File Inclusion via path[skin] Parameter
Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.
by w4ck1ng
Boonex Dolphin 5.2 - 'index.php' Remote Code Execution
by w4ck1ng
cPanel 10.8.x - 'cpwrap' via MySQLAdmin Privilege Escalation
by Nima Salehi
FreeWPS < 2.11 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php for Free Web Publishing System (FreeWPS), possibly 2.11 and earlier, allows remote attackers to upload and execute arbitrary PHP programs.
by HACKERS PAL
Flatnuke 2.5.8 - 'userlang' Local Inclusion / Delete All Users
by rgod
Flatnuke 2.5.8 - 'file()' Privilege Escalation / Code Execution
by rgod
4images 1.7.x - Authenticated SQL Injection via search_user Parameter
SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.
by Synsta
PHP 4 < 4.3.0 and 5 <= 5.1.6 - Remote Code Execution via Unserialize Integer Overflow
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
by anonymous
BasiliX < 1.1.1 - Remote File Inclusion via BSX_LIBDIR or BSX_HTXDIR Parameter
Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
by Kacper
VideoDB 2.2.1 - Remote File Inclusion via config[pdf_module] Parameter
PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
by Kacper
Groupee UBB.threads 6.5.1.1 - Code Injection
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
by HACKERS PAL
Lappy512 PHP Krazy Image Host Script 0.7a - SQL Injection
SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Trex
Skrypty PPA Gallery < 1.0 - Remote File Inclusion via config[ppa_root_path] Parameter
PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter.
by Kacper
KGB 1.87 - Remote File Inclusion via Engine Parameter
Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
by Kacper
paBugs < 2.0_beta_3 - Remote File Inclusion via path_to_bt_dir Parameter
PHP remote file inclusion vulnerability in class.mysql.php in Matt Humphrey paBugs 2.0 Beta 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path_to_bt_dir parameter.
by Kacper
cPanel 5-10 - SUID Wrapper Privilege Escalation
by Nima Salehi
exV2 content_management_system < 2.0.4.3 - Remote Code Execution via $xoopsOption['pagetype'] Variable Manipulation
Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.
by rgod
CVSS 9.8
exV2 CMS < 2.0.4.3 - Directory Traversal & File Deletion via Avatar Upload
Directory traversal vulnerability in the avatar upload feature in exV2 2.0.4.3 and earlier allows remote attackers to delete arbitrary files via ".." sequences in the old_avatar parameter.
by rgod
Eskolar CMS 0.9.0.0 - 'index.php' SQL Injection
by HACKERS PAL