About “PHP”

A curated feed of “PHP”-related CVEs appears below. We currently track 37334 CVEs for this tag (all time). In the last 365 days, 6058 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2025-04-02
Medium

CVE-2024-45699

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriat…

High

CVE-2024-36465

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

2025-04-01
High

CVE-2025-31097

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Hossein Material Dashboard material-dashboard allows PHP Local File Inclusion.…

High

CVE-2025-31082

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InfornWeb News & Blog Designer Pack blog-designer-pack allows PHP Local File I…

High

CVE-2025-29033

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter.

Medium

CVE-2025-29208

CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php.

High

CVE-2025-31131

YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.

High

CVE-2025-2891

The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and inclu…

High

CVE-2025-30901

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in JoomSky JS Help Desk js-support-ticket allows PHP Local File Inclusion. This is…

High

CVE-2025-30870

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclu…

High

CVE-2025-30849

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in g5theme Essential Real Estate essential-real-estate allows PHP Local File Incl…

High

CVE-2025-30782

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite subscribe-to-download-lite allows PHP Lo…

High

CVE-2025-2007

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions u…

Medium

CVE-2025-3045

A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. Th…

Medium

CVE-2025-3042

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of…

Medium

CVE-2025-3041

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the arg…

2025-03-31
Medium

CVE-2025-3040

A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. Th…

Medium

CVE-2025-3039

A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add_employee.php. The manipulation of the ar…

Medium

CVE-2025-3038

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view_account.php. The manipulation of the…

Medium

CVE-2025-3018

A vulnerability, which was classified as critical, was found in SourceCodester Online Eyewear Shop 1.0. Affected is an unknown function of the file /classes/Users.php?f=delete. The manipulation of th…

High

CVE-2025-3006

A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation…

High

CVE-2025-3002

A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newsta…

Medium

CVE-2025-30149

OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_…

Medium

CVE-2025-29772

OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed.…

Critical

CVE-2025-3022

OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-mana…

High

CVE-2025-3021

Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the ‘file’ parameter in the /downloadR…

Medium

CVE-2025-2985

A vulnerability was found in code-projects Payroll Management System 1.0. It has been classified as critical. This affects an unknown part of the file update_account.php. The manipulation of the argu…

Medium

CVE-2025-2984

A vulnerability was found in code-projects Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /delete.php. The manipulation of…

High

CVE-2025-31387

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect instawp-connect allows PHP Local File Inclusion. This i…

High

CVE-2025-31016

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Crocoblock JetWooBuilder jet-woo-builder allows PHP Local File Inclusion. This…

High

CVE-2025-30835

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Bastien Ho Accounting for WooCommerce accounting-for-woocommerce allows PHP Lo…

Low

CVE-2025-2979

A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the a…

Medium

CVE-2025-2978

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncN…

Medium

CVE-2025-2973

A vulnerability, which was classified as critical, was found in code-projects College Management System 1.0. This affects an unknown part of the file /Admin/student.php. The manipulation of the argum…

2025-03-30
Medium

CVE-2025-2952

A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of…

Medium

CVE-2025-2951

A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to SQL injec…

Critical

CVE-2025-1861

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit o…

High

CVE-2025-1736

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line chara…

Medium

CVE-2025-1734

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as v…

Medium

CVE-2025-1219

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-…

2025-03-29
Medium

CVE-2025-2840

The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php scri…

Low

CVE-2025-1217

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are…

2025-03-28
Critical

CVE-2025-28087

Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.

High

CVE-2024-58130

In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.

Critical

CVE-2025-30372

Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, al…

Critical

CVE-2025-22526

Deserialization of Untrusted Data vulnerability in mywebtonet PHP/MySQL CPU performance statistics mywebtonet-performancestats allows Object Injection. This issue affects PHP/MySQL CPU performance sta…

High

CVE-2025-31432

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Chop Chop Pop-Up Chop Chop pop-up allows PHP Local File Inclusion. This issue a…

Medium

CVE-2025-2870

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…

Medium

CVE-2025-2869

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…

Medium

CVE-2025-2868

Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sendin…

High

CVE-2025-2485

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted inp…

High

CVE-2025-2328

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'dnd_remove_uploaded_files' fun…

Critical

CVE-2025-2294

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via the kubio_hybrid_theme_load_template function. This makes it possib…

2025-03-27
High

CVE-2025-26890

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 HUSKY woocommerce-products-filter allows PHP Local File Inclusion. T…

Critical

CVE-2025-30367

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This…

Critical

CVE-2025-30365

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php…

Critical

CVE-2025-30364

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the id_funciona…

Critical

CVE-2025-30361

WeGIA is a Web manager for charitable institutions. A security vulnerability was identified in versions prior to 3.2.6, where it is possible to change a user's password without verifying the old pass…

Critical

CVE-2025-26909

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows PHP Local File Inclusion. This i…

Critical

CVE-2025-25686

semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

Medium

CVE-2025-2854

A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipu…

Medium

CVE-2025-2852

A vulnerability has been found in SourceCodester Food Ordering Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/me…

Medium

CVE-2025-2847

A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The ma…

High

CVE-2025-2846

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of…

High

CVE-2025-30895

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion. This issue affects WpEvently:…

High

CVE-2025-30891

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magepeopleteam WpTravelly tour-booking-manager allows PHP Local File Inclusion…

High

CVE-2025-30890

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SuitePlugins Login Widget for Ultimate Member login-widget-for-ultimate-member…

High

CVE-2025-30871

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Travel Engine WP Travel Engine wp-travel-engine allows PHP Local File Inclu…

High

CVE-2025-30868

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Maidul Team Manager wp-team-manager allows PHP Local File Inclusion. This issue…

High

CVE-2025-30846

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jetmonsters Restaurant Menu by MotoPress mp-restaurant-menu allows PHP Local F…

High

CVE-2025-30845

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webangon The Pack Elementor addons the-pack-addon allows PHP Local File Inclus…

High

CVE-2025-30831

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themifyme Themify Event Post themify-event-post allows PHP Local File Inclusio…

High

CVE-2025-30829

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics WPCafe wp-cafe allows PHP Local File Inclusion. This issue affects WP…

High

CVE-2025-30820

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in HT Plugins WishSuite wishsuite allows PHP Local File Inclusion. This issue affe…

High

CVE-2025-30814

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme The Post Grid the-post-grid allows PHP Local File Inclusion. This i…

High

CVE-2025-30785

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP Shuffle Subscribe to Download Lite subscribe-to-download-lite allows PHP Lo…

Critical

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in…

2025-03-26
Critical

CVE-2025-28916

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rashid Docpro docpro allows PHP Local File Inclusion. This issue affects Docpro…

High

CVE-2025-27015

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designingmedia Hostiko hostiko allows PHP Local File Inclusion. This issue affe…

High

CVE-2025-26986

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Pearl - Corporate Business pearl allows PHP Local File Inclusio…

High

CVE-2025-24690

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Michele Giorgi Formality formality allows PHP Local File Inclusion. This issue…

High

CVE-2025-23952

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ntm custom-field-list-widget custom-field-list-widget allows PHP Local File In…

High

CVE-2025-23937

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Alex Furr LinkedIn Lite linkedin-lite allows PHP Local File Inclusion. This iss…

High

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization…

High

CVE-2024-13889

The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' functio…

2025-03-25
Critical

CVE-2025-30091

In Tiny MoxieManager PHP before 4.0.0, remote code execution can occur in the installer command. This vulnerability allows unauthenticated attackers to inject and execute arbitrary code. Attacker-con…

High

CVE-2025-2740

A vulnerability classified as critical has been found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/eligibility.php. The manipulation of the arg…

Medium

CVE-2025-1320

The teachPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.0.9. This is due to missing or incorrect nonce validation on the import.php pag…

High

CVE-2025-2739

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/manage-services.php. The manip…

High

CVE-2025-2738

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/manage-scdetails.php. The mani…

High

CVE-2025-2737

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/contactus.php. The manipulation of the…

High

CVE-2024-13618

The aoa-downloadable WordPress plugin through 0.1.0 lacks authorization and authentication for requests to its download.php endpoint, allowing unauthenticated visitors to make requests to arbitrary U…

High

CVE-2025-2736

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/bwdates-report-details.p…

High

CVE-2025-2735

A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-services.…

High

CVE-2025-2734

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/aboutus.php. The manipulation of the…

2025-03-24
Low

CVE-2025-2715

A vulnerability classified as problematic has been found in timschofield webERP up to 5.0.0.rc+13. This affects an unknown part of the file ConfirmDispatch_Invoice.php of the component Confirm Dispat…

Medium

CVE-2025-2714

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /extensions/realestate/index.php/agents…

Medium

CVE-2025-2701

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulat…

Medium

CVE-2025-2690

A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulat…

Medium

CVE-2025-2689

A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator…

Medium

CVE-2025-2687

A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation…

High

CVE-2025-2684

A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. T…

High

CVE-2025-2683

A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument mo…

High

CVE-2025-2682

A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argu…

High

CVE-2025-2681

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /edit-locker.php?ltid=6. The…

High

CVE-2025-2680

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edit-assign-locker…

High

CVE-2025-2679

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /contact-us.php. The manipulation of the arg…

High

CVE-2025-2678

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /changeimage1.php. The manipulation of the…

High

CVE-2025-2677

A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /changeidproof.php. The manipulation of…

High

CVE-2025-2676

A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argum…

High

CVE-2025-2675

A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. Affected by this issue is some unknown functionality of the file /add-lockertype.php…

High

CVE-2025-2674

A vulnerability classified as critical was found in PHPGurukul Bank Locker Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutus.php. The manipulation…

Low

CVE-2025-2673

A vulnerability classified as problematic has been found in code-projects Payroll Management System 1.0. Affected is an unknown function of the file /home_employee.php. The manipulation of the argume…

2025-03-23
Medium

CVE-2025-2672

A vulnerability was found in code-projects Payroll Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add_deductions.php. The manipulation o…

Medium

CVE-2025-2671

A vulnerability was found in Yue Lao Blind Box 月老盲盒 up to 4.0. It has been declared as critical. This vulnerability affects the function base64image of the file /app/controller/Upload.php. The manipu…

High

CVE-2025-2665

A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The…

Medium

CVE-2025-2664

A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of t…

High

CVE-2025-2663

A vulnerability has been found in PHPGurukul Bank Locker Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /search-locker-detail…

Medium

CVE-2025-2662

A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been classified as critical. Affected is an unknown function of the file student/studentdashboard.php. The manipula…

High

CVE-2025-2661

A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /staff/index.php. The manipulation of th…