Home
Home
Grey Skin Blue Skin Green Skin Red Skin
Last holes
Awesome Support Plugin bis 6.0.6 auf WordPress id/assignee Cross Site Scripting
2021-11-26
(38hits)
Floating Social Media Icon Plugin bis 4.3.5 auf WordPress Social Media Configuration Form Cross Site Scripting
2021-11-26
(37hits)
WordPress bis 5.7 Update URI Plugin Header Remote Code Execution
2021-11-25
(46hits)
PHP Event Calendar Lite Edition SQL Injection
2021-11-25
(42hits)
CMSimple 5.4 Local File Inclusion / Remote Code Execution
2021-11-25
(43hits)
Hide My WP Plugin bis 6.2.3 auf WordPress erweiterte Rechte [CVE-2021-36917]
2021-11-25
(41hits)
Hide My WP Plugin bis 6.2.3 auf WordPress hmwp_get_user_ip SQL Injection
2021-11-25
(43hits)
Barcode bis 2.6.0 auf GLPI front/send.php Directory Traversal
2021-11-25
(26hits)
Push Notifications bis 6.0.0 auf WordPress Cross Site Request Forgery
2021-11-24
(44hits)
MainWP Child Plugin bis 4.1.7 auf WordPress orderby/order SQL Injection
2021-11-24
(76hits)
ImageBoss Plugin bis 3.0.5 auf WordPress Setting Source Name Cross Site Scripting
2021-11-24
(88hits)
Product Catalog Plugin for Plugin vor 3.0.39 auf WordPress Parameter ic-settings-search Cross Site Scripting
2021-11-24
(88hits)
MAZ Loader Plugin bis 1.3.4 auf WordPress Nonce Cross Site Request Forgery
2021-11-24
(76hits)
Reviews Plus Plugin bis 1.2.13 auf WordPress Rating Submission post/page Denial of Service
2021-11-24
(77hits)
Advanced Forms Free/Advanced Forms Pro bis 1.6.8 auf WordPress erweiterte Rechte
2021-11-24
(62hits)
GoDaddy Data Breach Exposes Over 1 Million WordPress Customers' Data
2021-11-23
(84hits)
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
2021-11-21
(108hits)
Simplephpscripts Simple CMS 2.1 Multiple SQL Injection
2021-11-19
(77hits)
WPO365 LOGIN Plugin bis 15.3 auf WordPress Cross Site Scripting
2021-11-19
(77hits)
Duplicate Post Plugin bis 1.1.9 auf WordPress SQL Injection [CVE-2021-43408]
2021-11-19
(92hits)
WordPress Smart Product Review 1.0.4 Shell Upload
2021-11-18
(65hits)
WordPress Preview E-mails For WooCommerce 1.6.8 Cross Site Scripting
2021-11-18
(87hits)
WP Reset PRO Premium Plugin bis 5.98 auf WordPress Database Rest Cross Site Request Forgery
2021-11-18
(77hits)
WP Reset PRO Premium Plugin bis 5.98 auf WordPress erweiterte Rechte
2021-11-18
(70hits)
Montala ResourceSpace bis 9.5 Parameter index.php wordpress_user Cross Site Scripting
2021-11-18
(114hits)
Contact Form Email Plugin bis 1.3.24 auf WordPress cp-admin-int-list.inc.php name Cross Site Scripting
2021-11-18
(115hits)
Popular Posts Plugin bis 5.3.2 auf WordPress ~/src/Image.php erweiterte Rechte
2021-11-17
(84hits)
301 Redirect Manager Plugin bis 8.1 auf WordPress offset SQL Injection
2021-11-17
(90hits)
Simple JWT Login Plugin bis 3.2.0 auf WordPress Nonce Cross Site Request Forgery
2021-11-17
(80hits)
Stream Plugin bis 3.8.1 auf WordPress Stream Records Admin Dashboard order SQL Injection
2021-11-17
(83hits)
Email Log Plugin bis 2.4.6 auf WordPress orderby/order SQL Injection
2021-11-17
(82hits)
Colorful Categories Plugin vor 2.0.15 auf WordPress Taxonomy Color Cross Site Request Forgery
2021-11-17
(62hits)
Sourcecodester Online Learning System 2.0 Admin Login /admin/login.php schwache Authentisierung
2021-11-17
(66hits)
Montala ResourceSpace vor 9.6 rev 18277 pages/ajax/tiles.php provider/variant Directory Traversal
2021-11-17
(70hits)
WordPress WPSchoolPress 2.1.16 Cross Site Scripting
2021-11-16
(82hits)
PHP Laravel 8.70.1 Cross Site Scripting (XSS) to Cross Site Request Forgery (CSRF)
2021-11-15
(91hits)
WordPress Plugin Hotel Listing 3 Multiple Cross-Site Scripting (XSS)
2021-11-15
(89hits)
Cacti bis 1.2.17 Template Import Cross Site Scripting
2021-11-14
(72hits)
Laravel bis 8.70.2 auf Debian Image Upload ValidatesAttributes.php erweiterte Rechte
2021-11-14
(81hits)
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
2021-11-14
(74hits)
WordPress WP Symposium Pro 2021.10 Cross Site Scripting
2021-11-14
(101hits)
PHP Melody 3.0 Multiple Cross-Site Scripting (XSS)
2021-11-12
(93hits)
Genie WP Favicon Plugin bis 0.5.2 auf WordPress Cross Site Request Forgery
2021-11-09
(119hits)
Schreikasten Plugin bis 0.14.18 auf WordPress Comments Dashboard id SQL Injection
2021-11-09
(112hits)
Support Board Plugin bis 3.3.4 auf WordPress notes Cross Site Scripting
2021-11-09
(110hits)
WPSchoolPress bis 2.1.16 auf WordPress Attribute sanitize_text_field Cross Site Scripting
2021-11-09
(100hits)
Booking.com Banner Creator Plugin bis 1.4.2 auf WordPress Cross Site Scripting
2021-11-09
(107hits)
Booking.com Product Helper Plugin bis 1.0.1 auf WordPress Shortcode Product Code Cross Site Scripting
2021-11-09
(88hits)
Chameleon CSS Plugin bis 1.2 auf WordPress POST Parameter remove_css css_id SQL Injection
2021-11-09
(85hits)
AddToAny Share Buttons Plugin vor 1.7.48 auf WordPress Image Button Setting Cross Site Scripting
2021-11-09
(81hits)
Storefront Footer Text Plugin bis 1.0.1 auf WordPress Footer Credit Text Cross Site Scripting
2021-11-09
(90hits)
Affiliates Manager Plugin bis 2.8.6 auf WordPress Admin Dashboard orderby SQL Injection
2021-11-09
(96hits)
Visitor Traffic Real Time Statistics Plugin bis 3.8 auf WordPress AJAX Action today_traffic_index SQL Injection
2021-11-09
(89hits)
Asgaros Forum Plugin vor 1.15.13 auf WordPress Topic SQL Injection
2021-11-09
(86hits)
Phoenix Media Rename Plugin bis 3.4.3 auf WordPress AJAX Action phoenix_media_rename erweiterte Rechte
2021-11-09
(97hits)
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
2021-11-09
(87hits)
G Auto-Hyperlink Plugin bis 1.0.1 auf WordPress Admin Dashboard id SQL Injection
2021-11-08
(74hits)
SpiderCatalog Plugin bis 1.7.3 auf WordPress Admin Dashboard parent/ordering SQL Injection
2021-11-08
(67hits)
WPSchoolPress Plugin bis 2.1.9 auf WordPress POST Variable SQL Injection
2021-11-08
(72hits)
Squaretype Theme bis 3.0.3 auf WordPress REST Endpoint query_vars erweiterte Rechte
2021-11-08
(70hits)
wpDiscuz Plugin bis 7.3.3 auf WordPress Comments Cross Site Request Forgery
2021-11-08
(81hits)
Frontend Manager for WooCommerce Plugin bis 6.5.11 auf WordPress withdrawal_vendor SQL Injection
2021-11-08
(81hits)
Registration Forms Plugin vor 3.1.7.6 auf WordPress Social Login schwache Authentisierung
2021-11-08
(69hits)
Post Content XMLRPC Plugin bis 1.0 auf WordPress Admin Dashboard POST SQL Injection
2021-11-08
(70hits)
Wow Forms Plugin bis 3.1.3 auf WordPress Admin Dash did SQL Injection
2021-11-08
(76hits)
Sourcecodester Online Enrollment Management System in PHP 1.0 Add-Users Page Name Cross Site Scripting
2021-11-08
(70hits)
Loco Translate Plugin bis 2.5.3 auf WordPress erweiterte Rechte
2021-11-08
(69hits)
Similar Posts Plugin bis 3.1.5 auf WordPress Environment widget_rrm_similar_posts_condition erweiterte Rechte
2021-11-08
(73hits)
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.
2021-11-08
(122hits)
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.
2021-11-08
(123hits)
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
2021-11-08
(125hits)
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
2021-11-08
(130hits)
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
2021-11-08
(132hits)
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.
2021-11-07
(132hits)
WP DSGVO Tools bis 3.1.23 auf WordPress AJAX Request erweiterte Rechte
2021-11-06
(113hits)
PHPGurukul Shopping 3.1 Parameter Cross Site Scripting
2021-11-05
(108hits)
PHPGurukul Hospital Management System 4.0 Parameter Cross Site Scripting
2021-11-05
(104hits)
Sourcecodester Engineers Online Portal in PHP Quiz add_quiz.php title/description Cross Site Scripting
2021-11-05
(108hits)
Sourcecodester Engineers Online Portal in PHP File Upload uploads schwache Authentisierung
2021-11-05
(91hits)
Sourcecodester Engineers Online Portal in PHP dashboard_teacher.php erweiterte Rechte
2021-11-05
(88hits)
Sourcecodester Engineers Online Portal in PHP Login Form index.php SQL Injection
2021-11-05
(88hits)
SourceCodester Online Event Booking and Reservation System index.php msg erweiterte Rechte
2021-11-05
(94hits)
Sourcecodester Engineers Online Portal in PHP Parameter announcements_student.php id SQL Injection
2021-11-05
(90hits)
Sourcecodester Engineers Online Portal in PHP Parameter my_classmates.php id SQL Injection
2021-11-05
(80hits)
Sourcecodester Engineers Online Portal in PHP Parameter quiz_question.php id SQL Injection
2021-11-05
(87hits)
MyBB bis 1.8.28 Admin CP Settings Management erweiterte Rechte
2021-11-05
(77hits)
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or
2021-11-03
(99hits)
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
2021-11-03
(94hits)
SourceCodester Customer Relationship Management 1.0 customer/login.php username SQL Injection
2021-11-03
(103hits)
PHP-Fusion 9.03.50 Polls poll_admin.php Cross Site Scripting
2021-11-03
(125hits)
xujinliang zibbs 1.0 Parameter AdminController.php bbsmeta Cross Site Scripting
2021-11-03
(116hits)
xujinliang zibbs 1.0 Parameter index.php route Cross Site Scripting
2021-11-03
(118hits)
188Jianzhan 2.1.0 Parameter login.php username SQL Injection
2021-11-03
(124hits)
PHPOK 5.1 framework/init.php Pufferüberlauf
2021-11-03
(110hits)
PHPOK 5.1 tpl_control.php edit_save_f Privilege Escalation
2021-11-03
(97hits)
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
2021-11-02
(77hits)
An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell.
2021-11-02
(86hits)
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
2021-11-02
(83hits)
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution
2021-11-02
(75hits)
Hashthemes Demo Importer Plugin bis 1.1.1 auf WordPress wp-content/uploads erweiterte Rechte
2021-11-02
(126hits)
Millken DOYOCMS 2.3 sysupload.php erweiterte Rechte
2021-11-02
(114hits)
Millken DOYOCMS 2.3 Parameter pay.php attribute SQL Injection
2021-11-02
(127hits)
AVideo/YouPHPTube bis 10.0 Variable save.php unbekannte Schwachstelle
2021-11-01
(104hits)
AVideo/YouPHPTube bis 10.0 videoName Cross Site Scripting
2021-11-01
(110hits)
AVideo/YouPHPTube bis 10.0 u Cross Site Scripting
2021-11-01
(112hits)
AVideo/YouPHPTube AVideo/YouPHPTube bis 10.0 searchPhrase Cross Site Scripting
2021-11-01
(116hits)
AVideo/YouPHPTube AVideo/YouPHPTube bis 10.0 Parameter catName SQL Injection
2021-11-01
(118hits)
Flat Preloader Plugin bis 1.5.4 auf WordPress Frontend Cross Site Scripting
2021-11-01
(138hits)
Accept Donations with PayPal Plugin bis 1.3.0 auf WordPress Donation Button Cross Site Request Forgery
2021-11-01
(133hits)
Delete All Comments Easily Plugin bis 1.3 auf WordPress Cross Site Request Forgery
2021-11-01
(127hits)
WP-Stats Plugin vor 2.52 auf WordPress Cross Site Scripting [CVE-2015-10001]
2021-11-01
(137hits)
Events Made Easy Plugin vor 2.2.24 auf WordPress Custom Field Cross Site Scripting
2021-11-01
(136hits)
BP Better Messages Plugin vor 1.9.9.41 auf WordPress AJAX Action Cross Site Request Forgery
2021-11-01
(116hits)
BP Better Messages Plugin vor 1.9.9.41 auf WordPress Parameter sanitize_text_field subject Cross Site Scripting
2021-11-01
(121hits)
Far Future Expiry Header Plugin bis 1.4 auf WordPress Cross Site Request Forgery
2021-11-01
(111hits)
Connections Business Directory Plugin bis 10.4.2 auf WordPress Address Setting Cross Site Scripting
2021-11-01
(114hits)
The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads
2021-11-01
(115hits)
The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues
2021-11-01
(113hits)
The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress
2021-11-01
(117hits)
The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which could allow unauthenticated users to upload arbitrary files to the web
2021-11-01
(114hits)
WordPress NextScripts: Social Networks Auto-Poster 4.3.20 XSS
2021-11-01
(117hits)
Symphony 2.7.10 class.xmlelement.php XML External Entity
2021-11-01
(116hits)
A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter.
2021-11-01
(109hits)
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attack
2021-11-01
(107hits)
A XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS).
2021-11-01
(103hits)
A XML External Entity (XXE) vulnerability was discovered in symphonylibtoolkitclass.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS).
2021-11-01
(109hits)
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
2021-10-31
(85hits)
PHP Melody 3.0 SQL Injection
2021-10-30
(94hits)
PHPGurukul Hostel Management System 2.1 Cross-site request forgery (CSRF) to Cross-site Scripting (XSS)
2021-10-30
(84hits)
A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
2021-10-28
(99hits)
A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0.
2021-10-28
(114hits)
PHPGurukul News Portal Project 3.1 category/subcategory/sucatdescription/username SQL Injection
2021-10-28
(106hits)
PHPGurukul Online Shopping Portal 3.1 Parameter /check_availability.php email SQL Injection
2021-10-28
(110hits)
SourceCodester Vehicle Parking Management System 1.0 add-vehicle.php Cross Site Scripting
2021-10-28
(107hits)
CSZ CMS 1.2.4 /core/MY_Security.php erweiterte Rechte
2021-10-28
(91hits)
Sourcecodester Online Covid Vaccination Scheduler System 1.0 lognin.php username SQL Injection
2021-10-28
(85hits)
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
2021-10-28
(114hits)
PHP Advisories/Bugs/Vulns frequency for this month
24790 111117140 0 10 4218630 10 17620 0 0 0 
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

PHP RGB to Hex Converter (New)
2021-11-26
Floating Social Media Icon Plugin bis 4.3.5 auf WordPress Social Media Configuration Form Cross Site Scripting
2021-11-26
Awesome Support Plugin bis 6.0.6 auf WordPress id/assignee Cross Site Scripting
2021-11-26
Laravel Comment System with VUE.js
2021-11-26
WordPress bis 5.7 Update URI Plugin Header Remote Code Execution
2021-11-25
CMSimple 5.4 Local File Inclusion / Remote Code Execution
2021-11-25
PHP Event Calendar Lite Edition SQL Injection
2021-11-25
Barcode bis 2.6.0 auf GLPI front/send.php Directory Traversal
2021-11-25
Hide My WP Plugin bis 6.2.3 auf WordPress hmwp_get_user_ip SQL Injection
2021-11-25
Hide My WP Plugin bis 6.2.3 auf WordPress erweiterte Rechte [CVE-2021-36917]
2021-11-25
Mezon Infrastructure Layer (New)
2021-11-25
Push Notifications bis 6.0.0 auf WordPress Cross Site Request Forgery
2021-11-24
MAZ Loader Plugin bis 1.3.4 auf WordPress Nonce Cross Site Request Forgery
2021-11-24
Product Catalog Plugin for Plugin vor 3.0.39 auf WordPress Parameter ic-settings-search Cross Site Scripting
2021-11-24
ImageBoss Plugin bis 3.0.5 auf WordPress Setting Source Name Cross Site Scripting
2021-11-24
  News browser

PHP Tutorial PHPBasics Installation Guide, Data Types, Variables, and Operators, Control structures, Functions, Strings, Regular expression, Error Handling, Cookies+Sessions, and many more..

SQLi The SQL Injection Knowledge Base is the ultimate resource regarding SQL Injections. Here you will find everything there is to know about SQL Injections.

phpseclib phpSec is a open-source, PSR-0 compatible, PHP security library that takes care of the common security tasks a web developer faces.

Class:sql_inject - This class is meant to search in your SQL data values for special characters that may change the meaning of your SQL data and execute actions that may compromise the security of servers.

Top 10 Links
÷ phpforge
÷ KillerProtection
÷ PY-Membres
÷ ALP - Banner Ad
÷ PhenHP Album
÷ CuteNews
÷ phpMyNewsletter
÷ LokwaBB
÷ Avotravis
÷ Kietu










French English Russian