slug: php

Explanation

PHPはサーバーサイドで動くプログラミング言語で、Webサイトの裏側を作るのに広く使われています。 WordPress、Laravel、Drupalなど、世界中の多くのサイトの土台になっています。 セキュリティ脆弱性の文脈では「インジェクション系」(攻撃文字列を実行させる) や「ファイルアップロードの不備」が典型的な弱点として知られています。
📌 Example
2017年のEquifax事件 (1.4億人の個人情報流出) は、Apache StrutsというJavaライブラリの脆弱性が原因でしたが、同様にPHPアプリケーションでも脆弱性が悪用された事例は多数あります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 2,566

ID Title
CVE-2021-42675 Unrestricted File Upload in kreado (CVE-2021-42675)
CVE-2021-41663 Cross-Site Scripting (XSS) in 1234n (CVE-2021-41663)
CVE-2022-30490 SQL Injection in sqli (CVE-2022-30490)
CVE-2019-12868 Unsafe Deserialization in deserialization (CVE-2019-12868)
CVE-2021-36697 Vulnerability in artica (CVE-2021-36697)
CVE-2020-25912 XXE (XML External Entity) in dos (CVE-2020-25912)
CVE-2020-19961 SQL Injection in sqli (CVE-2020-19961)
CVE-2021-41326 Vulnerability in misp-project (CVE-2021-41326)
CVE-2021-39302 SQL Injection in sqli (CVE-2021-39302)
CVE-2021-27332 Cross-Site Scripting (XSS) in casap-automated-enrollment-system-project (CVE-2021-27332)
CVE-2020-20586 Cross-Site Request Forgery (CSRF) in csrf (CVE-2020-20586)
CVE-2020-20363 Crossi Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.php.
CVE-2020-19511 Cross-Site Scripting (XSS) in typesettercms (CVE-2020-19511)
CVE-2020-21517 Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php.
CVE-2020-26678 Unrestricted File Upload in vfairs (CVE-2020-26678)
CVE-2021-31780 Vulnerability in misp-project (CVE-2021-31780)
CVE-2021-26216 SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.
CVE-2021-26215 SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php.
CVE-2021-27904 Vulnerability in misp-project (CVE-2021-27904)
CVE-2021-3294 Cross-Site Scripting (XSS) in casap-automated-enrollment-system-project (CVE-2021-3294)
CVE-2020-24085 Cross-Site Scripting (XSS) in misp-project (CVE-2020-24085)
CVE-2020-29006 Vulnerability in misp-project (CVE-2020-29006)
CVE-2020-25515 Unrestricted File Upload in simple-library-management-system-project (CVE-2020-25515)
CVE-2020-25487 SQL Injection in sqli (CVE-2020-25487)
CVE-2020-25514 SQL Injection in simple-library-management-system-project (CVE-2020-25514)
CVE-2020-21731 Cross-Site Scripting (XSS) in gazie-project (CVE-2020-21731)
CVE-2020-24194 Cross-Site Scripting (XSS) in daily-tracker-system-project (CVE-2020-24194)
CVE-2020-15412 Vulnerability in misp-project (CVE-2020-15412)
CVE-2020-15411 Privilege Escalation in misp-project (CVE-2020-15411)
CVE-2020-14969 Vulnerability in misp-project (CVE-2020-14969)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →