Php Exploits

1,333 exploits tracked across all sources.

CVE-2004-2443 EXPLOITDB php VERIFIED
Jaws 0.3 - Unauthenticated Authentication Bypass via MD5 Null Password
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
by Fernando Quintero
CVE-2004-0613 EXPLOITDB php VERIFIED
osTicket - Unauthenticated Arbitrary File Upload and Remote Code Execution via Ticket Attachment
osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.
by Guy Pearce
EIP-2026-104752 EXPLOITDB php VERIFIED
PHP 4/5 - Input/Output Wrapper Remote File Inclusion Function Command Execution
by Slythers
CVE-2004-0249 EXPLOITDB php VERIFIED
PHPX 2.0-3.2.4 - Unauthenticated Account Access via Cookie Manipulation
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
by Manuel López
EIP-2026-109306 EXPLOITDB php VERIFIED
Mambo Open Source 4.5/4.6 - 'mod_mainmenu.php' Remote File Inclusion
by Yo_Soy
CVE-2004-2350 EXPLOITDB php VERIFIED
phpBB 1.0-2.0.6 - SQL Injection via search_results Parameter
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
by pokleyzz
CVE-2004-0269 EXPLOITDB php VERIFIED
PHP-Nuke <= 6.9 - SQL Injection via Search Category or Web_Links Admin Parameter
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
by pokleyzz
CVE-2003-0863 EXPLOITDB php VERIFIED
PHP 4.3.x - Unauthenticated File Include Vulnerability via php_check_safe_mode_include_dir
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
by Michal Krause
EIP-2026-116333 EXPLOITDB php VERIFIED
StarSiege Tribes Server - Denial of Service (2)
by st0ic
EIP-2026-102676 EXPLOITDB php VERIFIED
MidHosting FTP Daemon 1.0.1 - Shared Memory Local Denial of Service
by Frank DENIS
EIP-2026-104644 EXPLOITDB php VERIFIED
PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow
CVE-2003-0166 EXPLOITDB php VERIFIED
PHP - Denial of Service and Possible Remote Code Execution via Negative Arguments to socket_recv and socket_recvfrom
Integer signedness error in the emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
by Sir Mordred
EIP-2026-110841 EXPLOITDB php VERIFIED
PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection
by frog
CVE-2003-1245 EXPLOITDB php VERIFIED
Mambo 4.0.12 - Unauthenticated Privilege Escalation via Session ID Manipulation
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie.
by Simen Bergo
CVE-2003-1244 EXPLOITDB php VERIFIED
phpBB 2.0-2.0.2 - SQL Injection via forum_id Parameter
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
by David Zentner
CVE-2003-1435 EXPLOITDB php VERIFIED
PHP-Nuke 5.6 and 6.0 - SQL Injection via Search Module Days Parameter
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
by David Zentner
CVE-2002-2235 EXPLOITDB php VERIFIED
vBulletin <= 2.2.9 - Cross-Site Scripting via member2.php perpage Variable
member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.
by Sp.IC
CVE-2004-1824 EXPLOITDB php VERIFIED
Jelsoft vBulletin < 3.0 - Cross-Site Scripting via Memberlist What Parameter
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php.
by Sp.IC
CVE-2002-1886 EXPLOITDB php VERIFIED
TightAuction 3.0 - Unauthenticated Sensitive Information Exposure via config.inc
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password.
by frog
CVE-2002-2021 EXPLOITDB php VERIFIED
WoltLab Burning Board 1.1.1 - Cross-Site Scripting via Message Parameter
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
by SeazoN
CVE-2002-0484 EXPLOITDB php VERIFIED
PHP - Unauthenticated Arbitrary File Write via move_uploaded_file
move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
by Tozz
CVE-2004-0327 EXPLOITDB php VERIFIED
PhpNewsManager 1.46 - Directory Traversal via clang Parameter
Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter.
by anonymous