Php Exploits

1,334 exploits tracked across all sources.

CVE-2006-1347 EXPLOITDB php VERIFIED
gCards <1.45 - SQL Injection
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
by rgod
CVE-2006-1346 EXPLOITDB php VERIFIED
gCards <1.45 - Path Traversal
Directory traversal vulnerability in inc/setLang.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in a lang[*][file] parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by index.php.
by rgod
CVE-2006-1348 EXPLOITDB php VERIFIED
gCards <1.45 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang[*][file] parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346.
by rgod
CVE-2006-1164 EXPLOITDB php VERIFIED
Nodez <4.6.1.1 - Info Disclosure
Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat.
by rgod
CVE-2006-1291 EXPLOITDB php VERIFIED
PHP iCalendar <2.21 - RCE
publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier does not require authentication for write access to the calendars directory, which allows remote attackers to upload and execute arbitrary PHP scripts via a WebDAV PUT request with a filename containing a .php extension and a trailing null character.
by rgod
CVE-2006-1292 EXPLOITDB php VERIFIED
PHP iCalendar <2.21 - Path Traversal
Directory traversal vulnerability in Jim Hu and Chad Little PHP iCalendar 2.21 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the phpicalendar[cookie_language] and phpicalendar[cookie_style] cookies, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included by day.php.
by rgod
CVE-2006-1224 EXPLOITDB php VERIFIED
GuppY 4.5.11 - Path Traversal
Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter.
by trueend5
CVE-2006-1140 EXPLOITDB php VERIFIED
RedBLoG 0.5 - SQL Injection
SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
by x128
CVE-2006-1219 EXPLOITDB php VERIFIED
Gallery <2.0.3 - Path Traversal
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.
by rgod
EIP-2026-110905 EXPLOITDB php VERIFIED
PHP-Stats 0.1.9.1 - Remote Command Execution
by rgod
CVE-2006-0899 EXPLOITDB php VERIFIED
4images Image Gallery Management System < 1.7.1 - Path Traversal
Directory traversal vulnerability in index.php in 4Images 1.7.1 and earlier allows remote attackers to read and include arbitrary files via ".." (dot dot) sequences in the template parameter.
by rgod
CVE-2006-1001 EXPLOITDB php VERIFIED
Lansuite Lanparty Intranet System - SQL Injection
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.
by x128
CVE-2006-0891 EXPLOITDB php VERIFIED
Nocc - Path Traversal
Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing NULL (%00) byte in (1) the _SESSION['nocc_theme'] parameter in (a) html/footer.php; and (2) the lang and (3) theme parameters and the (4) Accept-Language HTTP header field, when force_default_lang is disabled, in (b) index.php, as demonstrated by injecting PHP code into a profile and accessing it using the lang parameter in index.php.
by rgod
EIP-2026-109946 EXPLOITDB php VERIFIED
Noahs Classifieds 1.3 - 'lowerTemplate' Remote Code Execution
by trueend5
CVE-2006-0851 EXPLOITDB php VERIFIED
Ilch.de Ilchclan - SQL Injection
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.
by x128
CVE-2006-0821 EXPLOITDB php VERIFIED
Bxcp - SQL Injection
SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
by x128
EIP-2026-106169 EXPLOITDB php VERIFIED
Coppermine Photo Gallery 1.4.3 - Remote Command Execution
by rgod
CVE-2006-0786 EXPLOITDB php VERIFIED
PHPKIT 1.6.1 Release 2 - Code Injection
Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs.
by rgod
CVE-2006-0791 EXPLOITDB php VERIFIED
DreamCost HostAdmin - RCE
PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use.
by ReZEN
CVE-2006-0728 EXPLOITDB php VERIFIED
Webspell < 4.01.00 - SQL Injection
SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter.
by x128
CVE-2006-0750 EXPLOITDB php VERIFIED
Supersmashbrothers Army System - SQL Injection
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
by fRoGGz
CVE-2006-0714 EXPLOITDB php VERIFIED
Flyspray - Path Traversal
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
by rgod
EIP-2026-106886 EXPLOITDB php VERIFIED
EnterpriseGS 1.0 rc4 - Remote Command Execution
by rgod
CVE-2006-0687 EXPLOITDB php VERIFIED
DocMGR 0.54.2 - Code Injection
process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.
by rgod
CVE-2006-1793 EXPLOITDB php VERIFIED
runCMS <1.2 - Path Traversal
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
by rgod