slug: php

Explanation

PHPはサーバーサイドで動くプログラミング言語で、Webサイトの裏側を作るのに広く使われています。 WordPress、Laravel、Drupalなど、世界中の多くのサイトの土台になっています。 セキュリティ脆弱性の文脈では「インジェクション系」(攻撃文字列を実行させる) や「ファイルアップロードの不備」が典型的な弱点として知られています。
📌 Example
2017年のEquifax事件 (1.4億人の個人情報流出) は、Apache StrutsというJavaライブラリの脆弱性が原因でしたが、同様にPHPアプリケーションでも脆弱性が悪用された事例は多数あります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 2,566

ID Title
CVE-2017-15808 In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15809 In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
CVE-2017-15810 Cross-Site Scripting (XSS) in csharp (CVE-2017-15810)
CVE-2017-15811 Cross-Site Scripting (XSS) in wordpress (CVE-2017-15811)
CVE-2017-15380 Cross-Site Scripting (XSS) in softwarepublico (CVE-2017-15380)
CVE-2017-15381 SQL Injection in sqli (CVE-2017-15381)
CVE-2017-15580 Unrestricted File Upload in osticket (CVE-2017-15580)
CVE-2017-15730 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
CVE-2017-15731 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.adminlog.php.
CVE-2017-15732 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.
CVE-2017-15733 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-15733)
CVE-2017-15734 In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.main.php.
CVE-2017-15736 Cross-Site Scripting (XSS) in spip (CVE-2017-15736)
CVE-2017-15648 In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the page_title parameter.
CVE-2012-6707 Vulnerability in wordpress (CVE-2012-6707)
CVE-2015-7714 SQL Injection in sqli (CVE-2015-7714)
CVE-2015-7715 Cross-Site Request Forgery (CSRF) in csrf (CVE-2015-7715)
CVE-2017-14322 Authentication Bypass in interspire (CVE-2017-14322)
CVE-2017-14956 Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-14956)
CVE-2014-8491 Information Disclosure in wordpress (CVE-2014-8491)
CVE-2017-15578 SQL Injection in sqli (CVE-2017-15578)
CVE-2017-15579 SQL Injection in sqli (CVE-2017-15579)
CVE-2017-15539 SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php.
CVE-2017-15538 Cross-Site Scripting (XSS) in ilias (CVE-2017-15538)
CVE-2015-7806 Command Injection in wordpress (CVE-2015-7806)
CVE-2014-2664 Unrestricted File Upload in x2engine (CVE-2014-2664)
CVE-2017-15384 rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.
CVE-2014-8087 Cross-Site Scripting (XSS) in wordpress (CVE-2014-8087)
CVE-2014-8621 SQL Injection in wordpress (CVE-2014-8621)
CVE-2017-15373 SQL Injection in sqli (CVE-2017-15373)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →