CVE-2000-0059
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are exe
Twig webmail system does not properly set the 'vhosts' variable if it is not configured on the site,
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictio
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cau
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver,
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows r
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary P
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to e
PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote att
SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbi
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to e
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inj
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certai
Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attacke
TinyPHPForum 3.6 and earlier stores the (1) users/.hash and (2) users/[USERNAME].email files under t
Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create
Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remo
Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application v
Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows re
The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote at
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1)
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70,
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 al
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers t
addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to e
PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to
Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authent
PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to
users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple exten
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g
WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc
Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote aut
Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and ex
PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, whe
Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attacker
PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remo
Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attacker
Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with
PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers
PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote a
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote att
Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist
PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers t
SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arb
PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage websit
Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attac
PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote
PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attack
PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Galler
PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to e
PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows r
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.
Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote at
PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows
PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remo
PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Ho
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to exe
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to exec
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows re
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remo
PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote atta
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown imp
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier
WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va
Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers
Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W
PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier version
Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to ad
Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is
PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpic
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally d
SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to
Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 a
myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient acc
Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execut
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attac
Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows
PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain adminis
Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attac
PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers t
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica
PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mambo
Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 al
admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive in
Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows re
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and oth
Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject
Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote
A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This iss
EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privi
Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability whi
The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated us
wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aph
Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/con
The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x thro
A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows
A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter i
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulner
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension 'php3' in the logo upload
php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enable
The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers t
An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injectio
An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that
PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the src
Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi
PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages tha
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabiliti
PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by
PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the catego
PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profi
PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when loggi
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app
The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl
The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to
The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app
Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerab
Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker
OroPlatform is a PHP Business Application Platform. In affected versions the email template preview
SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the Upgrad
OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially craf
CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was fo
Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
WordPress is a free and open-source content management system written in PHP and paired with a Maria
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file