Critical
CVE-2013-10043
A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection.…
Tag: PHP
All CVEs associated with "PHP". Page 43/312 • 37332 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37332 CVEs for this tag (all time). In the last 365 days, 6068 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-07-31
Critical
CVE-2013-10040
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to uploa…
Critical
CVE-2013-10038
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, al…
Critical
CVE-2013-10037
An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell comman…
High
CVE-2013-10035
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, i…
Critical
CVE-2013-10033
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST paramet…
High
CVE-2025-8407
A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the…
Medium
CVE-2025-8382
A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of th…
Medium
CVE-2025-8381
A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /add_reserve.php. The manipu…
Low
CVE-2025-8380
A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulatio…
Medium
CVE-2025-8379
A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument…
High
CVE-2025-8378
A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the com…
High
CVE-2025-8376
A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company lea…
High
CVE-2025-8375
A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argum…
High
CVE-2025-8374
A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argum…
High
CVE-2025-8373
A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads…
High
CVE-2025-8372
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation…
High
CVE-2025-8371
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The m…
Medium
CVE-2025-8370
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the…
Medium
CVE-2025-8369
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php.…
Medium
CVE-2025-8368
A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument…
Medium
CVE-2025-8367
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionario_vinculo_lst.php. The manipulation of the argument n…
Medium
CVE-2025-8366
A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipul…
Low
CVE-2025-8365
A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation…
Medium
CVE-2025-8346
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.10. Affected by this issue is some unknown functionality of the file /educar_aluno_lst.php. The manipulat…
Medium
CVE-2025-8345
A vulnerability classified as critical was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this vulnerability is the function delete_user of the file crm/Wei…
Medium
CVE-2025-8340
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the co…
High
CVE-2025-8339
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation o…
High
CVE-2025-8338
A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of t…
2025-07-30
Low
CVE-2025-8337
A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The…
High
CVE-2025-8336
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manip…
High
CVE-2025-8334
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action…
High
CVE-2025-8333
A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The man…
High
CVE-2025-8332
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument User…
High
CVE-2025-8331
A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument…
High
CVE-2025-8330
A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno…
High
CVE-2025-52187
GetProjectsIdea Create School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in my_profile_update_form1.php.
High
CVE-2025-8329
A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company l…
High
CVE-2025-8328
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipu…
High
CVE-2025-8327
A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulati…
High
CVE-2025-8326
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID…
2025-07-29
Medium
CVE-2024-43018
Piwigo 13.8.0 and below is vulnerable to SQL Injection in the parameters max_level and min_register. These parameters are used in ws_user_gerList function from file include\ws_functions\pwg.users.php…
Medium
CVE-2025-51045
Phpgurukul Pre-School Enrollment System 1.0 contains a SQL injection vulnerability in the /admin/password-recovery.php file. This vulnerability is attributed to the insufficient validation of user in…
Medium
CVE-2025-51044
phpgurukul Nipah virus (NiV) Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedi…
High
CVE-2025-44137
MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web req…
Critical
CVE-2025-44136
MapTiler Tileserver-php v2.0 is vulnerable to Cross Site Scripting (XSS). The GET parameter "layer" is reflected in an error message without html encoding. This leads to XSS and allows an unauthentic…
High
CVE-2025-51970
A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter.
Medium
CVE-2025-40686
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malici…
Medium
CVE-2025-40685
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malici…
Medium
CVE-2025-40684
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malici…
Medium
CVE-2025-40683
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malici…
Critical
CVE-2025-40682
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /co…
Critical
CVE-2025-8264
Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating th…
2025-07-28
High
CVE-2025-50486
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
High
CVE-2025-50485
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
High
CVE-2025-50487
Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
High
CVE-2025-50484
Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
High
CVE-2025-50492
Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking attack.
High
CVE-2025-50491
Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session hijacking attack.
High
CVE-2025-50489
Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
High
CVE-2025-50488
Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session hijacking attack.
High
CVE-2025-50494
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session hijacking attack.
High
CVE-2025-50493
Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
High
CVE-2025-50490
Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Critical
CVE-2025-54418
CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that use the ImageMagick handler for image processing (`imagic…
Medium
CVE-2025-32731
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arb…
Critical
CVE-2025-27724
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker ca…
Medium
CVE-2025-24485
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauth…
High
CVE-2025-8274
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=s…
High
CVE-2025-8273
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument cre…
High
CVE-2025-8272
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of t…
High
CVE-2025-8271
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of th…
High
CVE-2025-8270
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argumen…
High
CVE-2025-8269
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation…
High
CVE-2025-8261
A weakness has been identified in Vaelsys VaelsysV4 4.1.0. This vulnerability affects unknown code of the file /grid/vgrid_server.php of the component User Creation Handler. Executing a manipulation…
Low
CVE-2025-8260
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation o…
High
CVE-2025-8259
A vulnerability was identified in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. Affected by this issue is the function execute_DataObjectProc of the file /grid/vgrid_server.php of the component Web interface.…
Medium
CVE-2025-8256
A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument ima…
High
CVE-2025-8255
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /register.php. The manipulation of the argum…
Medium
CVE-2025-8254
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view_parcel.php. The manipulation of the a…
High
CVE-2025-8253
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argumen…
High
CVE-2025-8252
A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation…
High
CVE-2025-8251
A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The m…
High
CVE-2025-8250
A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argum…
High
CVE-2025-8249
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulat…
High
CVE-2025-8248
A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstna…
Medium
CVE-2025-8247
A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads…
2025-07-27
High
CVE-2025-8241
A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument…
High
CVE-2025-8240
A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The…
High
CVE-2025-8238
A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument cre…
High
CVE-2025-8237
A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of th…
High
CVE-2025-8236
A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation…
High
CVE-2025-8235
A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argumen…
High
CVE-2025-8234
A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipu…
High
CVE-2025-8233
A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The mani…
High
CVE-2025-8232
A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the a…
Medium
CVE-2025-8230
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /manage_user.php. The manipulation of the argument ID…
Medium
CVE-2025-8229
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads t…
Medium
CVE-2025-8219
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp…
2025-07-26
Medium
CVE-2025-8190
A vulnerability, which was classified as critical, has been found in Campcodes Courier Management System 1.0. This issue affects some unknown processing of the file /print_pdets.php. The manipulation…
Medium
CVE-2025-8189
A vulnerability classified as critical was found in Campcodes Courier Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument ID le…
Medium
CVE-2025-8188
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /edit_staff.php. The manipulation of the argument ID leads t…
Medium
CVE-2025-8187
A vulnerability was found in Campcodes Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit_parcel.php. The manipulatio…
Medium
CVE-2025-8186
A vulnerability was found in Campcodes Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit_branch.php. The ma…
High
CVE-2025-8185
A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the arg…
High
CVE-2025-6991
The kallyas theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.21.0 via the 'TH_LatestPosts4` widget. This makes it possible for authenticated attackers…
High
CVE-2025-8179
A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/change…
High
CVE-2025-54378
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perf…
High
CVE-2025-54366
FreeScout is a lightweight free open source help desk and shared inbox built with PHP (Laravel framework). In versions 1.8.185 and below, there is a critical deserialization vulnerability in the /con…
Medium
CVE-2025-8174
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation o…
2025-07-25
High
CVE-2025-8173
A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php.…
Medium
CVE-2025-8172
A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argu…
Medium
CVE-2025-8171
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation…
Low
CVE-2025-8167
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.…
High
CVE-2025-8166
A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Requ…
Medium
CVE-2025-8165
A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation o…
Medium
CVE-2025-8164
A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument…
Critical
CVE-2014-125118
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php…
Critical
CVE-2014-125116
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and…
Critical
CVE-2014-125115
An unauthenticated SQL injection vulnerability exists in Pandora FMS version 5.0 SP2 and earlier. The mobile/index.php endpoint fails to properly sanitize user input in the loginhash_data parameter,…