Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: php Clear
ID Title
CVE-2017-15985 Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter.
CVE-2017-15987 SQL Injection in sqli (CVE-2017-15987)
SQL injection in sqli (CVE-2017-15987). Successful exploitation can lead to full system takeover.
CVE-2017-15988 SQL Injection in sqli (CVE-2017-15988)
SQL injection in sqli (CVE-2017-15988). Successful exploitation can lead to full system takeover.
CVE-2017-15989 SQL Injection in sqli (CVE-2017-15989)
SQL injection in sqli (CVE-2017-15989). Successful exploitation can lead to full system takeover.
CVE-2017-15990 Unrestricted File Upload in savsofteproducts (CVE-2017-15990)
vulnerability in savsofteproducts (CVE-2017-15990). Successful exploitation can lead to full system takeover.
CVE-2017-15991 SQL Injection in sqli (CVE-2017-15991)
SQL injection in sqli (CVE-2017-15991). Successful exploitation can lead to full system takeover.
CVE-2017-15992 Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
Website Broker Script allows SQL Injection via the 'status_id' Parameter to status_list.php.
CVE-2017-15993 Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter.
CVE-2017-16230 Cross-Site Scripting (XSS) in typecho (CVE-2017-16230)
cross-site scripting in typecho (CVE-2017-16230). Risk of unauthorized operations or information disclosure.
CVE-2017-7411 Code Injection in enalean (CVE-2017-7411)
code injection in enalean (CVE-2017-7411). Successful exploitation can lead to full system takeover.
CVE-2017-16000 SQL Injection in sqli (CVE-2017-16000)
SQL injection in sqli (CVE-2017-16000). Successful exploitation can lead to full system takeover.
CVE-2017-15975 SQL Injection in sqli (CVE-2017-15975)
SQL injection in sqli (CVE-2017-15975). Successful exploitation can lead to full system takeover.
CVE-2017-15976 SQL Injection in sqli (CVE-2017-15976)
SQL injection in sqli (CVE-2017-15976). Successful exploitation can lead to full system takeover.
CVE-2017-15956 Vulnerability in converto-video-downloader-converter-project (CVE-2017-15956)
vulnerability in converto-video-downloader-converter-project (CVE-2017-15956). Confidential information can be exposed externally.
CVE-2017-15957 Unrestricted File Upload in ingenious-school-management-system-project (CVE-2017-15957)
vulnerability in ingenious-school-management-system-project (CVE-2017-15957). Successful exploitation can lead to full system takeover.
CVE-2017-15958 D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
CVE-2017-15960 SQL Injection in sqli (CVE-2017-15960)
SQL injection in sqli (CVE-2017-15960). Successful exploitation can lead to full system takeover.
CVE-2017-15961 iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
CVE-2017-15963 SQL Injection in sqli (CVE-2017-15963)
SQL injection in sqli (CVE-2017-15963). Successful exploitation can lead to full system takeover.
CVE-2017-15966 SQL Injection in sqli (CVE-2017-15966)
SQL injection in sqli (CVE-2017-15966). Successful exploitation can lead to full system takeover.
CVE-2017-15968 MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
CVE-2017-15970 SQL Injection in sqli (CVE-2017-15970)
SQL injection in sqli (CVE-2017-15970). Successful exploitation can lead to full system takeover.
CVE-2017-15971 SQL Injection in sqli (CVE-2017-15971)
SQL injection in sqli (CVE-2017-15971). Successful exploitation can lead to full system takeover.
CVE-2017-15972 SQL Injection in sqli (CVE-2017-15972)
SQL injection in sqli (CVE-2017-15972). Successful exploitation can lead to full system takeover.
CVE-2017-15973 SQL Injection in sqli (CVE-2017-15973)
SQL injection in sqli (CVE-2017-15973). Successful exploitation can lead to full system takeover.
CVE-2017-15974 tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
CVE-2017-15946 SQL Injection in sqli (CVE-2017-15946)
SQL injection in sqli (CVE-2017-15946). Successful exploitation can lead to full system takeover. Exploitable via ``tag``.
CVE-2017-15949 SQL Injection in sqli (CVE-2017-15949)
SQL injection in sqli (CVE-2017-15949). Successful exploitation can lead to full system takeover.
CVE-2017-15935 Code Injection in artica (CVE-2017-15935)
code injection in artica (CVE-2017-15935). Successful exploitation can lead to full system takeover.
CVE-2017-15933 SQL Injection in sqli (CVE-2017-15933)
SQL injection in sqli (CVE-2017-15933). Successful exploitation can lead to full system takeover.
CVE-2012-4378 Cross-Site Scripting (XSS) in mediawiki (CVE-2012-4378)
cross-site scripting in mediawiki (CVE-2012-4378). Risk of unauthorized operations or information disclosure.
CVE-2014-2023 SQL Injection in sqli (CVE-2014-2023)
SQL injection in sqli (CVE-2014-2023). Successful exploitation can lead to full system takeover.
CVE-2017-15919 SQL Injection in wordpress (CVE-2017-15919)
SQL injection in wordpress (CVE-2017-15919). Successful exploitation can lead to full system takeover.
CVE-2017-15907 SQL Injection in sqli (CVE-2017-15907)
SQL injection in sqli (CVE-2017-15907). Successful exploitation can lead to full system takeover.
CVE-2017-15880 SQL Injection in sqli (CVE-2017-15880)
SQL injection in sqli (CVE-2017-15880). Successful exploitation can lead to full system takeover.
CVE-2017-15872 Cross-Site Scripting (XSS) in phpwcms (CVE-2017-15872)
cross-site scripting in phpwcms (CVE-2017-15872). Risk of unauthorized operations or information disclosure.
CVE-2017-15867 Cross-Site Scripting (XSS) in wordpress (CVE-2017-15867)
cross-site scripting in wordpress (CVE-2017-15867). Risk of unauthorized operations or information disclosure.
CVE-2017-15863 Cross-Site Scripting (XSS) in wordpress (CVE-2017-15863)
cross-site scripting in wordpress (CVE-2017-15863). Risk of unauthorized operations or information disclosure.
CVE-2014-1203 Command Injection in eyou (CVE-2014-1203)
command injection in eyou (CVE-2014-1203). Successful exploitation can lead to full system takeover.
CVE-2017-15081 In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
CVE-2011-4333 Cross-Site Scripting (XSS) in scilico (CVE-2011-4333)
cross-site scripting in scilico (CVE-2011-4333). Risk of unauthorized operations or information disclosure.
CVE-2011-4334 Unrestricted File Upload in labwiki-project (CVE-2011-4334)
vulnerability in labwiki-project (CVE-2011-4334). Successful exploitation can lead to full system takeover.
CVE-2012-4567 Cross-Site Scripting (XSS) in letodms-project (CVE-2012-4567)
cross-site scripting in letodms-project (CVE-2012-4567). Risk of unauthorized operations or information disclosure.
CVE-2012-4569 Cross-Site Scripting (XSS) in letodms-project (CVE-2012-4569)
cross-site scripting in letodms-project (CVE-2012-4569). Risk of unauthorized operations or information disclosure.
CVE-2012-4570 SQL Injection in sqli (CVE-2012-4570)
SQL injection in sqli (CVE-2012-4570). Successful exploitation can lead to full system takeover.
CVE-2015-5532 Cross-Site Scripting (XSS) in wordpress (CVE-2015-5532)
cross-site scripting in wordpress (CVE-2015-5532). Risk of unauthorized operations or information disclosure.
CVE-2015-5533 SQL Injection in wordpress (CVE-2015-5533)
SQL injection in wordpress (CVE-2015-5533). Successful exploitation can lead to full system takeover.
CVE-2017-15808 In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php.
CVE-2017-15809 In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a crafted tag.
CVE-2017-15810 Cross-Site Scripting (XSS) in csharp (CVE-2017-15810)
cross-site scripting in csharp (CVE-2017-15810). Risk of unauthorized operations or information disclosure.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →