Advisories archive
27032 links categorized as php vuln/adviso since 2003-04-07
CVE-2022-33128 | Ruijie RG-EG350 11.1(6) alarmService.php get_alarmAction SQL Injection
In OpenCart 1.4.7 to 1.5.5.1, the anti-traversal code implemented in filemanager.php is ineffective and can be bypassed.
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved.
Critical PHP Vulnerability Exposes QNAP NAS Devices to Remote Attacks
WordPress Download Manager 3.2.43 Cross Site Scripting
CVE-2022-31062 | GLPI Inventory Plugin up to 1.0.1 System Files b/deploy/index.php Directory Traversal (GHSA-q33f-jcjf-p4v9)
CVE-2022-33119 | NUUO Network Video Recorder NVRsolo 03.06.02 login.php Cross Site Scripting
CVE-2022-31374 | Contec SolarView Compact 1.php/6.0 /images/background/1.php Privilege Escalation
CVE-2022-31373 | Contec SolarView Compact 6.0 Solar_AiConf.php Cross Site Scripting
CVE-2021-25088 | XML Sitemaps Plugin up to 4.1.2 on WordPress Debug Page Cross Site Scripting
CVE-2022-1905 | Events Made Easy Plugin up to 2.2.80 on WordPress SQL Injection
CVE-2022-1801 | Very Simple Contact Form Plugin up to 11.5 on WordPress Hidden Input Field Weak Authentication
CVE-2022-1472 | Better Find and Replace Plugin up to 1.3.5 on WordPress SQL Injection
CVE-2022-1829 | Inline Google Maps Plugin up to 5.11 on WordPress Setting Cross Site Request Forgery
CVE-2021-25121 | Bestwebsoft Rating Plugin up to 1.5 on WordPress Denial of Service
CVE-2022-1939 | Allow svg Files Plugin up to 1.0 on WordPress Privilege Escalation
CVE-2022-1614 | WP-EMail Plugin up to 2.68.x on WordPress REMOTE_ADDR Privilege Escalation
CVE-2022-0663 | PrintFriendly Print, PDF, Email Plugin up to 5.2.2 on WordPress Custom Button Text Setting Cross Site Scripting
CVE-2021-25104 | Ocean Extra Plugin up to 1.9.4 on WordPress Cross Site Scripting
CVE-2022-1830 | Amazon Einzeltitellinks Plugin up to 1.3.3 on WordPress Setting Cross Site Request Forgery
CVE-2022-1818 | Multi-Page Toolkit Plugin up to 2.6 on WordPress Setting Cross Site Request Forgery
CVE-2022-1945 | Colorlib Coming Soon & Maintenance Mode Plugin up to 1.0.98 on WordPress Setting Cross Site Scripting
CVE-2022-1915 | WP Zillow Review Slider Plugin up to 2.3 on WordPress Setting Cross Site Scripting
CVE-2022-1896 | underConstruction Plugin up to 1.20 on WordPress Display a custom page using your own HTML Cross Site Scripting
CVE-2022-1895 | underConstruction Plugin up to 1.19 on WordPress Cross Site Request Forgery
CVE-2022-33913 | Mahara before 21.04.6/21.10.4/22.04.2 thumb.php Privilege Escalation
CVE-2021-46820 | XOS-Shop 1.0.9 categories.php current_manufacturer_image Denial of Service
CVE-2021-37764 | XOS-Shop 1.0.9 manufacturers.php current_manufacturer_image Denial of Service
Over a Million WordPress Sites Forcibly Updated to Patch a Critical Plugin Vulnerability
CVE-2022-31357 | janobe Online Ordering System 2.3.2 index.php id SQL Injection
CVE-2022-31356 | janobe Online Ordering System 2.3.2 index.php id SQL Injection
CVE-2022-31355 | janobe Online Ordering System 2.3.2 index.php search SQL Injection
CVE-2022-32444 | u5cms 8.3.5 /loginsave.php Redirect (ID 50)
CVE-2022-28612 | Muneeb Custom Popup Builder Plugin up to 1.3.1 on WordPress Cross Site Scripting
CVE-2021-36891 | Supsystic Photo Gallery Plugin up to 1.15.5 on WordPress Setting Cross Site Request Forgery
CVE-2022-29450 | Admin Management Xtended Plugin up to 2.4.4 on WordPress Cross Site Request Forgery
CVE-2022-29443 | Nicdark Hotel Booking Plugin up to 3.0 on WordPress Cross Site Scripting
CVE-2022-29441 | Private Messages Plugin up to 2.1.10 on WordPress Message Cross Site Request Forgery
CVE-2022-29440 | Promotion Slider Plugin up to 3.3.4 on WordPress Cross Site Scripting
CVE-2022-29439 | NextCode Image Slider Plugin up to 1.1.2 on WordPress Cross Site Request Forgery
CVE-2022-29438 | NextCode Image Slider Plugin up to 1.1.2 on WordPress Cross Site Scripting
CVE-2022-29437 | NextCode Image Slider Plugin up to 1.1.2 on WordPress Cross Site Request Forgery
CVE-2022-29442 | Messages up to 2.1.10 on WordPress Cross Site Scripting
CVE-2022-31625 | PHP up to 7.4.29/8.0.19/8.1.6 Parametrized Query Remote Code Execution (ID 81720)
CVE-2022-31626 | PHP up to 7.4.29/8.0.19/8.1.6 pdo_mysql password Buffer Overflow (ID 81719)
CVE-2021-41654 | Wuzhicms 4.1.0 index.php keyValue SQL Injection (ID 198)
CVE-2022-2086 | SourceCodester Bank Management System 1.0 login.php password SQL Injection
CVE-2022-2087 | SourceCodester Bank Management System 1.0 /mnotice.php notice Cross Site Scripting
CVE-2022-32301 | YoudianCMS 9.5.0 ApiAction.class.php IdList SQL Injection
CVE-2022-32300 | YoudianCMS 9.5.0 MailAction.class.php MailSendID SQL Injection
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch
CVE-2021-40678 | Piwigo 11.5.0 admin.php Cross Site Scripting (ID 1476)
CVE-2022-32336 | Fast Food Ordering System 1.0 view_menu.php id SQL Injection
CVE-2022-27231 | WP Statistics up to 13.1.x on WordPress Platform Parameter Cross Site Scripting
CVE-2022-1595 | HC Custom WP-Admin URL Plugin up to 1.4 on WordPress Secret Login URL Information Disclosure
CVE-2022-1412 | Log WP_Mail Plugin up to 0.1 on WordPress Email Information Disclosure
CVE-2022-1202 | WP-CRM Plugin up to 1.2.1 on WordPress Privilege Escalation
CVE-2022-0827 | Bestbooks Plugin up to 2.6.3 on WordPress SQL Injection
CVE-2022-0786 | KiviCare Plugin up to 2.3.8 on WordPress AJAX Action ajax_post SQL Injection
CVE-2022-0745 | Like Button Rating Plugin up to 2.6.44 on WordPress Email Privilege Escalation
CVE-2022-1694 | Useful Banner Manager Plugin up to 1.6.1 on WordPress POST Request Cross Site Request Forgery
CVE-2022-1772 | Google Places Reviews Plugin up to 1.x on WordPress Google API Key Setting Cross Site Scripting
CVE-2022-1656 | JupiterX Theme up to 2.0.6 lib/api/api/ajax.php jupiterx_api_ajax_ Privilege Escalation
CVE-2022-1985 | Download Manager Plugin up to 3.2.42 on WordPress shortcode-iframe.php frameid Cross Site Scripting
CVE-2022-1549 | WP Athletics Plugin up to 1.1.7 on WordPress Admin Dashboard Cross Site Scripting
CVE-2022-1532 | Themify Plugin up to 1.3.7 on WordPress Admin Page page Cross Site Scripting
CVE-2022-1336 | Carousel CK Plugin up to 1.1.0 on WordPress Slide Description Cross Site Scripting
CVE-2022-1335 | Slideshow CK Plugin up to 1.4.9 on WordPress Description Cross Site Scripting
CVE-2022-1208 | Ultimate Member Plugin up to 2.3.2 on WordPress User Profile Biography Cross Site Scripting
CVE-2022-0626 | Advanced Admin Search Plugin up to 1.1.2 on WordPress Admin Page Cross Site Scripting
CVE-2021-25116 | Enqueue Anything Plugin up to 1.0.1 on WordPress AJAX Action remove_asset Privilege Escalation
CVE-2022-0209 | Mitsol Social Post Feed Plugin up to 1.10 on WordPress Cross Site Scripting
CVE-2022-1659 | JupiterX Core 2.0.6 on WordPress Configuration class-condition-manager.php jupiterx_conditional_manager sub_action Privilege Escalation
CVE-2022-1658 | Jupiter Theme 6.10.1 on WordPress AJAX Action plugin-management.php abb_remove_plugin Privilege Escalation
CVE-2022-1657 | Jupiter Theme/JupiterX Theme on WordPress AJAX Action jupiterx_cp_load_pane_action Directory Traversal
CVE-2022-1749 | WPMK Ajax Finder Plugin up to 1.0.1 on WordPress create-plugin-config.php createplugin_atf_admin_setting_page Cross Site Request Forgery
CVE-2022-1768 | RSVPMaker Plugin up to 9.3.2 on WordPress ~/rsvpmaker-email.php SQL Injection
CVE-2022-1961 | Google Tag Manager Plugin up to 1.15.1 on WordPress ~/public/frontend.php gtm4wp-options[scroller-contentid] Cross Site Scripting
CVE-2022-29455 | Elementor Website Builder Plugin up to 3.5.5 on WordPress Cross Site Scripting
CVE-2022-1654 | Jupiter Theme/JupiterX Core Plugin on WordPress abb_uninstall_template Privilege Escalation
CVE-2021-44266 | GUnet Open eClass up to 3.12.1 formuser.php auth Cross Site Scripting
CVE-2021-41756 | dynamicMarkt up to 3.10 index.php kat SQL Injection
WordPress Download Manager 3.2.42 Cross Site Scripting
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely.
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campain. The manipulation leads to sql injection. It is possible to launch the attack
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack
CVE-2022-31325 | ChurchCRM 4.4.5 WhyCameEditor.php PersonID SQL Injection (ID 6005)
CVE-2022-30287 | Horde Webmail Address Book Driver.php create Privilege Escalation
A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to
CVE-2022-1421 | Discy Theme up to 5.1 on WordPress AJAX Action Cross Site Request Forgery
CVE-2022-1686 | Five Minute Webshop Plugin up to 1.3.2 on WordPress Admin Dashboard id SQL Injection
CVE-2022-1685 | Five Minute Webshop Plugin up to 1.3.2 on WordPress Manage Products Admin Page orderby SQL Injection
CVE-2022-1684 | Cube Slider Plugin up to 1.2 on WordPress idslider SQL Injection
CVE-2022-1683 | amtyThumb Plugin up to 4.2.0 on WordPress Shortcode a SQL Injection
CVE-2022-1424 | Ask Me Theme up to 6.8.1 on WordPress AJAX Action Cross Site Request Forgery