High
CVE-2024-12967
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fn…
Tag: PHP
All CVEs associated with "PHP". Page 67/312 • 37335 CVEs.
Subscribe CVEs: RSS for “PHP” · RSS (High+Critical only)
About “PHP”
A curated feed of “PHP”-related CVEs appears below. We currently track 37335 CVEs for this tag (all time). In the last 365 days, 6048 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2024-12-26
High
CVE-2024-12966
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the ar…
High
CVE-2024-12965
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipu…
High
CVE-2024-12964
A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the a…
High
CVE-2024-12963
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the ar…
High
CVE-2024-12962
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/_all_edits.php. The mani…
High
CVE-2024-12961
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /update_ach_details.php. The manipulatio…
High
CVE-2024-12960
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php.…
High
CVE-2024-12959
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulati…
High
CVE-2024-12958
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the a…
Medium
CVE-2024-12956
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The man…
Medium
CVE-2024-12955
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation…
Medium
CVE-2024-12954
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the ar…
Medium
CVE-2024-12953
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /update_pd_pro…
Medium
CVE-2024-12951
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of…
Medium
CVE-2024-12950
A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulat…
Medium
CVE-2024-12949
A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the ar…
Medium
CVE-2024-12948
A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid…
Medium
CVE-2024-12947
A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the ar…
High
CVE-2024-12946
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_actio…
High
CVE-2024-12945
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument emai…
High
CVE-2024-12944
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signin.php. The manipulatio…
High
CVE-2024-12943
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. T…
High
CVE-2024-12942
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulatio…
Medium
CVE-2024-12941
A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulatio…
High
CVE-2024-12940
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. Th…
Medium
CVE-2024-12939
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function add_edu of the file /_parse/_all_edits.php. The manipulation of the argu…
Medium
CVE-2024-12938
A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The ma…
Medium
CVE-2024-12937
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the a…
Medium
CVE-2024-12936
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipula…
Medium
CVE-2024-12935
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record…
Medium
CVE-2024-12934
A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_de…
Low
CVE-2024-12933
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The man…
Low
CVE-2024-12932
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. T…
Medium
CVE-2024-12931
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argum…
Low
CVE-2024-12930
A vulnerability was found in code-projects Simple Admin Panel 1.0 and classified as problematic. This issue affects some unknown processing of the file addCatController.php. The manipulation of the a…
Medium
CVE-2024-12929
A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulatio…
2024-12-25
High
CVE-2024-12927
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty…
Medium
CVE-2024-12926
A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manip…
High
CVE-2024-12272
The WP Travel Engine – Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,…
2024-12-23
Medium
CVE-2018-25106
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legac…
Medium
CVE-2024-12901
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint…
Medium
CVE-2024-12900
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipula…
High
CVE-2024-12899
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. T…
Medium
CVE-2024-12898
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php.…
2024-12-22
Medium
CVE-2024-12895
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag…
Medium
CVE-2024-12894
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of t…
Low
CVE-2024-12892
A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php.…
Medium
CVE-2024-12891
A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of th…
Medium
CVE-2024-12890
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manip…
2024-12-21
High
CVE-2024-12884
A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argum…
Medium
CVE-2024-12883
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulati…
High
CVE-2024-12721
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_cust…
High
CVE-2024-12066
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and inclu…
Medium
CVE-2024-12846
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of th…
2024-12-20
Low
CVE-2024-12845
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of th…
Medium
CVE-2021-40959
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.…
Critical
CVE-2024-55509
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.
Medium
CVE-2024-12844
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross si…
Medium
CVE-2024-12843
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter…
Medium
CVE-2024-12842
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword…
Medium
CVE-2024-12841
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to c…
Critical
CVE-2024-12571
The Store Locator for WordPress with Google Maps – LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for…
High
CVE-2024-21549
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerabilit…
2024-12-19
Medium
CVE-2024-12794
A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/q…
Medium
CVE-2024-12793
A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php…
High
CVE-2024-12792
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument…
High
CVE-2024-12791
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email lea…
Low
CVE-2024-12790
A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation lead…
Medium
CVE-2024-12789
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argum…
High
CVE-2024-12788
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of t…
High
CVE-2024-12787
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/c…
High
CVE-2024-54790
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter.
Medium
CVE-2024-12785
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The man…
Medium
CVE-2024-12784
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument…
Low
CVE-2024-12783
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the…
Medium
CVE-2024-55603
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom ses…
2024-12-18
High
CVE-2024-55506
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file a…
Critical
CVE-2024-55461
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
High
CVE-2024-55505
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.
Medium
CVE-2024-55232
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing aut…
Medium
CVE-2024-55231
An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing autho…
Critical
CVE-2024-56145
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has…
High
CVE-2024-54270
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axeptio Axeptio axeptio-sdk-integration allows PHP Local File Inclusion.This i…
Medium
CVE-2024-12340
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider…
Critical
CVE-2024-21546
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extensi…
Medium
CVE-2024-12250
The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it…
2024-12-17
Medium
CVE-2024-52792
LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration…
Medium
CVE-2024-55059
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php.
Medium
CVE-2024-55058
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-applicatio…
Medium
CVE-2024-55056
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field.
Critical
CVE-2024-55516
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form na…
Critical
CVE-2024-55515
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name,…
Medium
CVE-2024-55514
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, a…
Critical
CVE-2024-55513
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form nam…
Critical
CVE-2024-55496
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter…
Medium
CVE-2024-10356
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. Th…
2024-12-16
High
CVE-2024-55104
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters.
High
CVE-2024-55103
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter.
Medium
CVE-2024-55100
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craf…
High
CVE-2024-54376
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider Themes EazyDocs eazydocs allows PHP Local File Inclusion.This issue aff…
High
CVE-2024-54380
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler wp-cookies-enabler allows PHP Local File Inclusion.This issue affects…
High
CVE-2024-54375
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Woolook woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through <= 1…
High
CVE-2024-54374
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Sogrid sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through <= 1.5.…
High
CVE-2024-54373
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris Gardenberg EduAdmin Booking eduadmin-booking allows PHP Local File Inclusion.This issue affects E…
Medium
CVE-2024-12478
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipul…
Medium
CVE-2024-12362
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice lea…
Medium
CVE-2024-56112
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
2024-12-13
Low
CVE-2024-12300
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, a…
2024-12-12
Critical
CVE-2024-54811
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter.
Critical
CVE-2024-54810
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via…
Critical
CVE-2024-55099
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database…
Critical
CVE-2024-54842
A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter.
Medium
CVE-2024-50584
An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is…
Medium
CVE-2024-28145
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are…
High
CVE-2024-12312
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-…
Medium
CVE-2024-12255
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo()…
High
CVE-2024-12040
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `w…
Low
CVE-2024-12536
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the f…
Low
CVE-2024-12503
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. Th…