slug: php

Explanation

PHPはサーバーサイドで動くプログラミング言語で、Webサイトの裏側を作るのに広く使われています。 WordPress、Laravel、Drupalなど、世界中の多くのサイトの土台になっています。 セキュリティ脆弱性の文脈では「インジェクション系」(攻撃文字列を実行させる) や「ファイルアップロードの不備」が典型的な弱点として知られています。
📌 Example
2017年のEquifax事件 (1.4億人の個人情報流出) は、Apache StrutsというJavaライブラリの脆弱性が原因でしたが、同様にPHPアプリケーションでも脆弱性が悪用された事例は多数あります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 2,566

ID Title
CVE-2015-7668 Cross-Site Scripting (XSS) in wordpress (CVE-2015-7668)
CVE-2015-7669 Path Traversal in wordpress (CVE-2015-7669)
CVE-2017-17900 SQL Injection in sqli (CVE-2017-17900)
CVE-2017-17905 PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
CVE-2017-17906 PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
CVE-2017-17907 Cross-Site Scripting (XSS) in car-rental-script-project (CVE-2017-17907)
CVE-2017-17908 PHP Scripts Mall Responsive Realestate Script has CSRF via admin/general.
CVE-2017-17909 PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
CVE-2017-17911 Cross-Site Scripting (XSS) in archon (CVE-2017-17911)
CVE-2017-17924 Path Traversal in ordermanagementscript (CVE-2017-17924)
CVE-2017-17925 Cross-Site Scripting (XSS) in ordermanagementscript (CVE-2017-17925)
CVE-2017-17926 Information Disclosure in ordermanagementscript (CVE-2017-17926)
CVE-2017-17927 Path Traversal in ordermanagementscript (CVE-2017-17927)
CVE-2017-17928 SQL Injection in sqli (CVE-2017-17928)
CVE-2017-17929 PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
CVE-2017-17930 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-17930)
CVE-2017-17931 PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.
CVE-2017-17891 Readymade Video Sharing Script has CSRF via user-profile-edit.php.
CVE-2017-17892 SQL Injection in sqli (CVE-2017-17892)
CVE-2017-17893 Cross-Site Scripting (XSS) in readymade-video-sharing-script-project (CVE-2017-17893)
CVE-2017-17897 SQL Injection in sqli (CVE-2017-17897)
CVE-2017-17898 Information Disclosure in dolibarr (CVE-2017-17898)
CVE-2017-17899 SQL Injection in sqli (CVE-2017-17899)
CVE-2017-17869 The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.
CVE-2017-17873 Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17874 Unrestricted File Upload in vanguard-project (CVE-2017-17874)
CVE-2017-17828 Cross-Site Scripting (XSS) in doditsolutions (CVE-2017-17828)
CVE-2017-17829 SQL Injection in sqli (CVE-2017-17829)
CVE-2017-17830 Bus Booking Script has CSRF via admin/new_master.php.
CVE-2017-17822 SQL Injection in sqli (CVE-2017-17822)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →