Medium
CVE-2025-0948
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file incview.php. The manipulation of the argument in…
Tag: PHP
All CVEs associated with "PHP". Page 64/312 • 37335 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37335 CVEs for this tag (all time). In the last 365 days, 6048 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2025-02-01
Medium
CVE-2025-0947
A vulnerability, which was classified as critical, has been found in itsourcecode Tailoring Management System 1.0. Affected by this issue is some unknown functionality of the file expview.php. The ma…
Medium
CVE-2025-0946
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file templatedelete.php. The manipu…
Medium
CVE-2025-0945
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file typedelete.php. The manipulation of the argument id…
Medium
CVE-2025-0944
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file customerview.php. The manipulation of…
Medium
CVE-2025-0943
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file deldoc.php. The manipulation of the ar…
High
CVE-2025-0366
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible f…
2025-01-31
Medium
CVE-2025-0934
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. This affects an unknown part of the file /parse/_call_job_search_ajax.php. The manipulation of t…
Medium
CVE-2025-0930
Reflected Cross-Site Scripting (XSS) in TeamCal Neo, version 3.8.2. This allows an attacker to execute malicious JavaScript code, after injecting code via the ‘abs’ parameter in ‘/teamcal/src/index.p…
Critical
CVE-2025-0929
SQL injection vulnerability in TeamCal Neo, version 3.8.2. This could allow an attacker to retrieve, update and delete all database information by injecting a malicious SQL statement via the ‘abs’ pa…
Medium
CVE-2024-12267
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_dele…
Medium
CVE-2024-13216
The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function…
Critical
CVE-2025-0493
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Limited Local File Inclusion in all versions up to, and including, 4.2.14 via the t…
High
CVE-2024-13767
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. T…
2025-01-30
Medium
CVE-2025-0882
A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The…
Medium
CVE-2025-0881
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of…
Medium
CVE-2025-0880
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of…
Medium
CVE-2025-0874
A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Affected by this issue is some unknown functionality of the file /admin/ap…
Medium
CVE-2025-0873
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /customeredit.php. The manipul…
Medium
CVE-2025-0872
A vulnerability classified as critical has been found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file /addpayment.php. The manipulation of the argument id…
Low
CVE-2025-0871
A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of…
Critical
CVE-2024-13742
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the…
High
CVE-2024-13720
The WP Image Uploader plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the gky_image_uploader_main_function() function in all versions up to,…
High
CVE-2025-0847
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login…
High
CVE-2025-0846
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of…
Medium
CVE-2025-0844
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component…
2025-01-29
High
CVE-2025-0843
A vulnerability was found in needyamin Library Card System 1.0. It has been classified as critical. Affected is an unknown function of the file admindashboard.php of the component Admin Panel. The ma…
High
CVE-2025-0842
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of…
Medium
CVE-2025-24792
Snowflake PHP PDO Driver is a driver that uses the PHP Data Objects (PDO) extension to connect to the Snowflake database. Snowflake discovered and remediated a vulnerability in the Snowflake PHP PDO…
Medium
CVE-2025-24374
Twig is a template language for PHP. When using the ?? operator, output escaping was missing for the expression on the left side of the operator. This vulnerability is fixed in 3.19.0.
Medium
CVE-2025-0806
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as problematic. This issue affects some unknown processing of the file _call_job_search_ajax.php. The manipulation of…
High
CVE-2025-0803
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_…
High
CVE-2025-0802
A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of…
Low
CVE-2025-0800
A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher.…
2025-01-28
Medium
CVE-2025-22917
A reflected cross-site scripting (XSS) vulnerability in Audemium ERP <=0.9.0 allows remote attackers to execute an arbitrary JavaScript payload in the web browser of a user by including a malicious p…
2025-01-27
Critical
CVE-2024-57548
CMSimple 5.16 allows the user to edit log.php file via print page.
High
CVE-2024-57547
Insecure Permissions vulnerability in CMSimple v.5.16 allows a remote attacker to obtain sensitive information via a crafted script to the Functionality of downloading php backup files.
Critical
CVE-2024-57052
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file.
High
CVE-2025-24368
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in buil…
High
CVE-2025-24367
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web ro…
High
CVE-2024-54146
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vul…
Medium
CVE-2024-54145
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter…
Medium
CVE-2025-24782
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Post Grid, Slider & Carousel Ultimate post-grid-carousel-ultimate allows…
High
CVE-2025-24685
Path Traversal: '.../...//' vulnerability in Ihor Kit Morkva UA Shipping morkva-ua-shipping allows PHP Local File Inclusion.This issue affects Morkva UA Shipping: from n/a through <= 1.0.18.
Medium
CVE-2025-0722
A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manip…
Medium
CVE-2025-0721
A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument Username leads…
2025-01-26
Medium
CVE-2017-20196
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argum…
2025-01-25
High
CVE-2024-12600
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'fr…
High
CVE-2025-0682
The ThemeREX Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.0 via the 'trx_sc_reviews' shortcode 'type' attribute. This makes it possible…
2025-01-24
Medium
CVE-2025-24733
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Akhtarujjaman Shuvo Post Grid Master ajax-filter-posts allows PHP Local File I…
Medium
CVE-2024-10324
The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas…
High
CVE-2025-23422
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in moaluko Store Locator store-locator allows PHP Local File Inclusion.This issue affects Store Locator: f…
High
CVE-2024-13409
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10…
High
CVE-2024-13408
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10…
Critical
CVE-2024-13545
The Bootstrap Ultimate theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.9 via the path parameter. This makes it possible for unauthenticated attacke…
2025-01-23
Medium
CVE-2024-57326
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code i…
High
CVE-2024-13593
The BMLT Meeting Map plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.6.0 via the 'bmlt_meeting_map' shortcode. This makes it possible for authentica…
2025-01-22
High
CVE-2025-23949
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dzeriho Improved Sale Badges – Free Version improved-sale-badges-free-version…
High
CVE-2025-23948
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Webarea Background animation blocks background-animation-blocks allows PHP Loc…
High
CVE-2025-23938
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP L…
Medium
CVE-2025-22980
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
High
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
High
CVE-2025-0428
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form['post_conten…
2025-01-21
Critical
CVE-2023-27113
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.
Critical
CVE-2023-27112
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.
Medium
CVE-2025-24020
WeGIA is a Web manager for charitable institutions. An Open Redirect vulnerability was identified in the `control.php` endpoint of versions up to and including 3.2.10 of the WeGIA application. The vu…
High
CVE-2025-24019
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for any authenticated user, through the use of the filemanager to delete any file owned by the user runn…
High
CVE-2025-24018
YesWiki is a wiki system written in PHP. In versions up to and including 4.4.5, it is possible for an authenticated user with rights to edit/create a page or comment to trigger a stored XSS which wil…
High
CVE-2025-24017
YesWiki is a wiki system written in PHP. Versions up to and including 4.4.5 are vulnerable to any end-user crafting a DOM based XSS on all of YesWiki's pages which is triggered when a user clicks on…
Medium
CVE-2024-56990
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php.
Medium
CVE-2024-56998
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address.
Medium
CVE-2024-56997
PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter.
High
CVE-2025-22311
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging.This issue affects…
High
CVE-2024-10936
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace'…
Medium
CVE-2024-13536
The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly acce…
2025-01-20
Medium
CVE-2025-24013
CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers…
Critical
CVE-2025-23220
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
Critical
CVE-2025-23219
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
Critical
CVE-2025-23218
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adi…
Medium
CVE-2025-22131
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays…
Medium
CVE-2025-0582
A vulnerability classified as critical was found in itsourcecode Farm Management System up to 1.0. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument p…
Medium
CVE-2025-0580
A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/rest_ap…
High
CVE-2025-0579
A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shi…
2025-01-19
High
CVE-2025-0565
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql i…
High
CVE-2025-0564
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipul…
Medium
CVE-2025-0563
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument unam…
Medium
CVE-2025-0562
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipu…
Medium
CVE-2025-0561
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argumen…
2025-01-17
Medium
CVE-2025-0541
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation o…
Medium
CVE-2025-0540
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the arg…
Low
CVE-2025-0538
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation o…
Medium
CVE-2024-57252
OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily.
Critical
CVE-2024-57035
WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php.
Medium
CVE-2024-57033
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.
Low
CVE-2025-0537
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php.…
Medium
CVE-2025-0536
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulati…
Critical
CVE-2024-57034
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter.
Critical
CVE-2024-57032
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing a…
Critical
CVE-2024-57031
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter.
High
CVE-2024-57030
Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
Medium
CVE-2025-0535
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the arg…
High
CVE-2025-0534
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/log…
High
CVE-2025-0533
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file…
Medium
CVE-2025-0532
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of t…
Medium
CVE-2025-0531
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id…
Low
CVE-2025-0530
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation o…
High
CVE-2025-0527
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manip…
Medium
CVE-2024-13367
The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible…
2025-01-16
Medium
CVE-2025-23200
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1…
Medium
CVE-2025-23199
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1…
Medium
CVE-2024-57785
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php.
Medium
CVE-2024-57784
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
High
CVE-2025-23915
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in roninwp FAT Event Lite fat-event-lite allows PHP Local File Inclusion.This iss…
Low
CVE-2024-57611
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId.
High
CVE-2024-57162
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php.
2025-01-15
High
CVE-2025-22976
SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.
Medium
CVE-2024-41454
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or H…
Medium
CVE-2025-0491
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id l…
Medium
CVE-2025-0490
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation…
Medium
CVE-2025-0489
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument i…