154 docs tagged with "PHP_Programming_language"

CVE-2000-0059

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are exe

CVE-2000-1166

Twig webmail system does not properly set the 'vhosts' variable if it is not configured on the site,

CVE-2001-1385

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for

CVE-2004-1018

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictio

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cau

CVE-2004-1020

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow

CVE-2004-1063

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver,

CVE-2004-1064

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing

CVE-2004-1065

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows r

CVE-2004-1227

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers

CVE-2005-0268

Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary P

CVE-2005-0271

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to e

CVE-2005-0376

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers

CVE-2006-0064

PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote att

CVE-2006-0066

SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbi

CVE-2006-0074

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary

CVE-2006-0075

Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to e

CVE-2006-0076

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute

CVE-2006-0093

Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inj

CVE-2006-0094

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute

CVE-2006-0097

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x

CVE-2006-0099

PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certai

CVE-2006-0102

Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attacke

CVE-2006-0103

TinyPHPForum 3.6 and earlier stores the (1) users/.hash and (2) users/[USERNAME].email files under t

CVE-2006-0104

Directory traversal vulnerability in TinyPHPForum 3.6 and earlier allows remote attackers to create

CVE-2006-0112

Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remo

CVE-2006-0113

Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application v

CVE-2006-0132

Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 and possibly earlier allows re

CVE-2006-0144

The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in Apache2Triad, allows remote at

CVE-2006-0146

The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1)

CVE-2006-0147

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70,

CVE-2006-0163

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 al

CVE-2006-0164

phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers t

CVE-2006-0169

addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, which allows remote attackers to e

CVE-2006-0171

PHP remote file include vulnerability in index.php in OrjinWeb E-commerce allows remote attackers to

CVE-2006-0183

Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authent

CVE-2007-0050

PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to

CVE-2007-0082

users_adm/start1.php in IMGallery 2.5 and earlier does not properly handle files with multiple exten

CVE-2007-0098

Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_g

CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc

CVE-2007-0115

Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 and earlier allows remote aut

CVE-2007-0123

Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and ex

CVE-2007-0135

PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix 0.2.2 beta 11 and earlier, whe

CVE-2007-0143

Multiple PHP remote file inclusion vulnerabilities in NUNE News Script 2.0pre2 allow remote attacker

CVE-2007-0145

PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP News (BP News) 3.01 allows remo

CVE-2007-0150

Multiple PHP remote file inclusion vulnerabilities in index.php in Dayfox Blog allow remote attacker

CVE-2007-0167

Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search Engine), as distributed with

CVE-2007-0170

PHP remote file inclusion vulnerability in index.php in AllMyVisitors 0.4.0 allows remote attackers

CVE-2007-0171

PHP remote file inclusion vulnerability in index.php in AllMyLinks 0.5.0 and earlier allows remote a

CVE-2007-0172

Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.3.0 and earlier allow remote att

CVE-2007-0173

Directory traversal vulnerability in index.php in L2J Statistik Script 0.09 and earlier, when regist

CVE-2007-0178

PHP remote file inclusion vulnerability in info.php in Easy Banner Pro 2.8 allows remote attackers t

CVE-2007-0179

SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arb

CVE-2007-0181

PHP remote file inclusion vulnerability in include/common_function.php in magic photo storage websit

CVE-2007-0182

Multiple PHP remote file inclusion vulnerabilities in magic photo storage website allow remote attac

CVE-2007-0189

PHP remote file inclusion vulnerability in index.php in GeoBB Georgian Bulletin Board allows remote

CVE-2007-0190

PHP remote file inclusion vulnerability in edit_address.php in edit-x ecommerce allows remote attack

CVE-2007-0200

PHP remote file inclusion vulnerability in template.php in Geoffrey Golliher Axiom Photo/News Galler

CVE-2007-0230

PHP remote file inclusion vulnerability in install.php in CS-Cart 1.3.3 allows remote attackers to e

CVE-2007-0232

PHP remote file inclusion vulnerability in routines/fieldValidation.php in Jshop Server 1.3 allows r

CVE-2007-0233

wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input dat

CVE-2007-6614

PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.

CVE-2007-6642

Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! before 1.5 RC4 allow remote at

CVE-2007-6649

PHP remote file inclusion vulnerability in includes/tumbnail.php in MatPo Bilder Galerie 1.1 allows

CVE-2007-6655

PHP remote file inclusion vulnerability in includes/function.php in Kontakt Formular 1.4 allows remo

CVE-2007-6657

PHP remote file inclusion vulnerability in source/includes/load_forum.php in Mihalism Multi Forum Ho

CVE-2007-6667

SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to exe

CVE-2008-0099

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to exec

CVE-2008-0137

PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows re

CVE-2008-0138

PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for

CVE-2008-0139

Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remo

CVE-2008-0143

PHP remote file inclusion vulnerability in common/db.php in samPHPweb, possibly 4.2.2 and others, as

CVE-2008-0144

PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote atta

CVE-2008-0145

Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown imp

CVE-2008-0187

SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier

CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty va

CVE-2008-0196

Multiple directory traversal vulnerabilities in WordPress 2.0.11 and earlier allow remote attackers

CVE-2008-0219

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers

CVE-2008-0222

Unrestricted file upload vulnerability in ajaxfilemanager.php in the Wp-FileManager 1.2 plugin for W

CVE-2008-0230

PHP remote file inclusion vulnerability in php121db.php in osDate 2.0.8 and possibly earlier version

CVE-2008-0231

Multiple directory traversal vulnerabilities in index.php in Tuned Studios (1) Subwoofer, (2) Freeze

CVE-2008-0249

PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to ad

CVE-2008-5814

Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and earlier, when display_errors is

CVE-2008-5840

PHP iCalendar 2.24 and earlier allows remote attackers to bypass authentication by setting the phpic

CVE-2008-5844

PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally d

CVE-2008-5851

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to

CVE-2008-5854

Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 a

CVE-2008-5855

myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient acc

CVE-2009-0103

Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 allow remote attackers to execut

CVE-2009-0106

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attac

CVE-2009-0107

Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows

CVE-2009-0108

PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass authentication and gain adminis

CVE-2009-4541

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attac

CVE-2009-4543

PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Li

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e

CVE-2009-4596

Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers t

CVE-2009-4597

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica

CVE-2009-4604

PHP remote file inclusion vulnerability in mamboleto.php in the Fernando Soares Mamboleto (com_mambo

CVE-2010-4348

Cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 al

CVE-2010-4349

admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote attackers to obtain sensitive in

CVE-2010-4350

Directory traversal vulnerability in admin/upgrade_unattended.php in MantisBT before 1.2.4 allows re

CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and oth

CVE-2011-5301

Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject

CVE-2011-5302

Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote

CVE-2012-10003

A vulnerability, which was classified as problematic, has been found in ahmyi RivetTracker. This iss

CVE-2012-1915

EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_clean() Filter and perform XSS

CVE-2012-2931

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privi

CVE-2012-2950

Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local File Include Vulnerability whi

CVE-2012-5653

The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 allows remote authenticated us

CVE-2013-0721

wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress allows remote attackers to obtain

CVE-2013-4752

Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an

CVE-2013-7277

Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95

CVE-2013-7289

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aph

CVE-2014-1860

Contao CMS through 3.2.4 has PHP Object Injection Vulnerabilities

CVE-2014-8085

Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/con

CVE-2014-9277

The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.

CVE-2014-9427

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x thro

CVE-2015-5951

A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows

CVE-2018-20166

A file-upload vulnerability exists in Rukovoditel 2.3.1. index.php?module=configuration/save allows

CVE-2019-20336

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the search-results.php searchtext parameter i

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulner

CVE-2019-5009

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension 'php3' in the logo upload

CVE-2019-5884

php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enable

CVE-2019-6126

The Admin Panel of PHP Scripts Mall Advance Peer to Peer MLM Script v1.7.0 allows remote attackers t

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injectio

CVE-2019-6244

An issue was discovered in UsualToolCMS 8.0. cmsadmin/a_sqlbackx.php?t=sql allows CSRF attacks that

CVE-2019-6248

PHP Scripts Mall Citysearch / Hotfrog / Gelbeseiten Clone Script 2.0.1 has Reflected XSS via the src

CVE-2020-35131

Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Executi

CVE-2020-35745

PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php

CVE-2020-35952

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages tha

CVE-2020-5191

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabiliti

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by

CVE-2020-5308

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, as demonstrated by the catego

CVE-2020-5510

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profi

CVE-2020-5511

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when loggi

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app

CVE-2021-25051

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to incl

CVE-2021-25052

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to

CVE-2021-25053

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include(

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from app

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerab

CVE-2021-3129

Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attacker

CVE-2021-41236

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview

CVE-2021-41597

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the Upgrad

CVE-2021-43852

OroPlatform is a PHP Business Application Platform. In affected versions by sending a specially craf

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was fo

CVE-2022-21648

Latte is an open source template engine for PHP. Versions since 2.8.0 Latte has included a template

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21662

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21663

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-21664

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, w

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file