CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10064 – VictorFerraresi pokemon-database-php sql injection
https://notcve.org/view.php?id=CVE-2015-10064
17 Jan 2023 — A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. • https://github.com/VictorFerraresi/pokemon-database-php/commit/dd0e1e6cdf648d6a3deff441f515bcb1d7573d68 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-10050 – brandonfire miRNA_Database_by_PHP_MySql model.php count_rna sql injection
https://notcve.org/view.php?id=CVE-2015-10050
15 Jan 2023 — A vulnerability was found in brandonfire miRNA_Database_by_PHP_MySql. It has been declared as critical. This vulnerability affects the function __construct/select_single_rna/count_rna of the file inc/model.php. The manipulation leads to sql injection. The patch is identified as 307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a. • https://github.com/brandonfire/miRNA_Database_by_PHP_MySql/commit/307c5d510841e6142ddcbbdbb93d0e8a0dc3fd6a • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 3CVE-2009-10001 – jianlinwei cool-php-captcha example-form.php cross site scripting
https://notcve.org/view.php?id=CVE-2009-10001
13 Jan 2023 — A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/jianlinwei/cool-php-captcha/commit/c84fb6b153bebaf228feee0cbf50728d27ae3f80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2012-10005 – manikandan170890 php-form-builder-class Textarea Textarea.php cross site scripting
https://notcve.org/view.php?id=CVE-2012-10005
12 Jan 2023 — A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code.google.com/archive/p/php-form-builder-class/issues/184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
11 Jan 2023 — In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force th... • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 11%CPEs: 6EXPL: 1CVE-2021-30134
https://notcve.org/view.php?id=CVE-2021-30134
26 Dec 2022 — php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. • https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4455 – sproctor php-calendar index.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-4455
13 Dec 2022 — A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is a2941109b42201c19733127ced763e270a357809. • https://github.com/sproctor/php-calendar/commit/a2941109b42201c19733127ced763e270a357809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-707: Improper Neutralization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2021-35284
https://notcve.org/view.php?id=CVE-2021-35284
23 Nov 2022 — SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. Vulnerabilidad de inyección SQL en la función get_user en login_manager.php en rizalafani cms-php v1. • https://github.com/rizalafani/cms-php/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3972 – Pingkon HMS-PHP adminlogin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3972
13 Nov 2022 — A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. • https://github.com/Pingkon/HMS-PHP/issues/1 • CWE-707: Improper Neutralization •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3973 – Pingkon HMS-PHP Data Pump Metadata admin.php sql injection
https://notcve.org/view.php?id=CVE-2022-3973
13 Nov 2022 — A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Pingkon/HMS-PHP/issues/1 • CWE-707: Improper Neutralization •