slug: php

Explanation

PHPはサーバーサイドで動くプログラミング言語で、Webサイトの裏側を作るのに広く使われています。 WordPress、Laravel、Drupalなど、世界中の多くのサイトの土台になっています。 セキュリティ脆弱性の文脈では「インジェクション系」(攻撃文字列を実行させる) や「ファイルアップロードの不備」が典型的な弱点として知られています。
📌 Example
2017年のEquifax事件 (1.4億人の個人情報流出) は、Apache StrutsというJavaライブラリの脆弱性が原因でしたが、同様にPHPアプリケーションでも脆弱性が悪用された事例は多数あります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 2,566

ID Title
CVE-2017-17823 SQL Injection in sqli (CVE-2017-17823)
CVE-2017-17824 SQL Injection in sqli (CVE-2017-17824)
CVE-2017-17825 Cross-Site Scripting (XSS) in piwigo (CVE-2017-17825)
CVE-2017-17826 Cross-Site Scripting (XSS) in piwigo (CVE-2017-17826)
CVE-2017-17827 Cross-Site Request Forgery (CSRF) in piwigo (CVE-2017-17827)
CVE-2011-4955 Cross-Site Scripting (XSS) in wordpress (CVE-2011-4955)
CVE-2017-12072 Cross-Site Scripting (XSS) in synology (CVE-2017-12072)
CVE-2017-17792 Cross-Site Scripting (XSS) in blogotext-project (CVE-2017-17792)
CVE-2017-17793 Information Disclosure in blogotext-project (CVE-2017-17793)
CVE-2017-17794 Vulnerability in blogotext-project (CVE-2017-17794)
CVE-2017-17774 admin/configuration.php in Piwigo 2.9.2 has CSRF.
CVE-2017-17775 Piwigo 2.9.2 has XSS via the name parameter in an admin.php?page=album-3-properties request.
CVE-2017-17776 Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.
CVE-2017-17777 Authentication Bypass in paid-to-read-script-project (CVE-2017-17777)
CVE-2017-17778 Cross-Site Scripting (XSS) in paid-to-read-script-project (CVE-2017-17778)
CVE-2017-17779 Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.
CVE-2017-17780 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17780)
CVE-2017-17719 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17719)
CVE-2017-17744 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17744)
CVE-2017-17753 Cross-Site Scripting (XSS) in wordpress (CVE-2017-17753)
CVE-2017-11562 Vulnerability in mt4 (CVE-2017-11562)
CVE-2017-15876 Unrestricted File Upload in sistemagpweb (CVE-2017-15876)
CVE-2017-15877 Vulnerability in sistemagpweb (CVE-2017-15877)
CVE-2017-16949 Unrestricted File Upload in wordpress (CVE-2017-16949)
CVE-2017-17645 Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php.
CVE-2017-17649 Code Injection in readymade-video-sharing-script-project (CVE-2017-17649)
CVE-2017-17651 SQL Injection in sqli (CVE-2017-17651)
CVE-2017-17727 Unrestricted File Upload in dedecms (CVE-2017-17727)
CVE-2017-17730 DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
CVE-2017-17731 DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →