PHP Vulnerabilities


The following list includes some of the most critical PHP vulnerabilities known to the security community. If you find that anything is missing from this list, please let us know and we will update it as soon as possible.
  1. HP-UX Running Apache with PHP Multiple Vulnerabilities
  2. PHP-Calendar Cross Site Scripting Vulnerabilities
  52. PHP Multipart/Form-data Denial of Service Attack
  53. PHP gd Library imageRotate() Function Information Leak Vulnerability
  54. PHP mbstring Buffer Overflow Vulnerability
  55. PHP APC Vulnerable to Local Attacks
  56. PHP SAPI php_getuid() Overload
  57. PHP dba_replace() Arbitrary File Destruction
  58. Cross-Site Scripting Filter Evasion in Various Frameworks / Applications
  59. PHP GENERATE_SEED() Weak Random Number Seed Vulnerability
  60. PHP Multibyte Shell Command Escaping Bypass Vulnerability
  61. PHP cURL Safe_mode Bypass
  62. Apache HTTP Server 413 Error Page XSS
  63. PHP Win32std Extension safe_mode/disable_functions Protections Bypass
  64. PHP chunk_split() Integer Overflow
  65. PHP wbmp File Handling Integer Overflow
  66. PHP zip:// URL Wrapper Buffer Overflow Vulnerability
  67. PHP ext/filter Space Trimming Buffer Underflow Vulnerability
  68. PHP ext/filter HTML Tag Stripping Bypass Vulnerability
  69. PHP5 Post Filter Bypass (ext filter FDF, Exploit)
  70. PHP4 Local Buffer Overflow (mssql_connect, mssql_pconnect)
  71. PHP4 phpinfo() XSS Vulnerability (Reintroduced)
  72. PHP WDDX Session Deserialization Information Leak Vulnerability
  73. Dotdeb PHP Email Header Injection Vulnerability
  74. PHP unserialize() Array Creation Integer Overflow (PoC)
  75. PHP unserialize() Array Creation Integer Overflow
  76. PHP 5.1.6 / 4.4.4 Critical php_admin* Bypass by ini_restore()
  77. PHP File-Upload GLOBALS Overwrite Vulnerability
  78. PHP Local Buffer Underflow
  79. PHP ip2long() Function Circumvention (miniBB)
  80. Ultimate PHP Board Multiple Vulnerabilities
  81. Ultimate PHP Board Multiple Vulnerabilities (Exploit)
  82. cURL Safe Mode Bypass PHP
  83. Invision Power Board Army System Mod SQL Injection Exploit
  84. PHP Globals Filtering Bypass
  85. PHP for Windows create_named_pipe Buffer Overflow
  86. PHP Fusion CMS Multiple Vulnerabilities (subheader.php, options.php)
  87. PHP Multiple Vulnerabilities (File Upload, parse_str() register_global bypassing, phpinfo XSS)
  88. PHP-Fusion msg_send SQL Injection
  89. PHP-Fusion Accessible Database Backups Download (Exploit)
  90. PHP Calendar Buffer Overflow
  91. Ultimate PHP Board Password Hash Decryptor
  92. PortailPHP SQL Injection (Exploit)
  93. PHP-Nuke HTTP Response Splitting
  94. PHP-Nuke Blind SQL Injection (Download Module)
  95. SPHPBlog Multiple Vulnerabilities (Exploit)
  96. PHP getimagesize() Multiple DoS Vulnerabilities
  97. Squirrelcart PHP Shopping Cart SQL Injection
  98. Multiple Vulnerabilities in PHP (Information Disclosure, File Access, Negative Reference, Integer Handling Bug, Buffer Overflow, Directory Traversal, Arbitrary File Upload)
  99. Cross Site Scripting Vulnerability In PHP-Fusion
  100. Multiple Vulnerabilities in PHP-Nuke (db.php, index.php, Downloads, Web_Links)
  101. PHP-Nuke POST Method Admin Variable Privilege Escalation
  102. Simple PHP Blog Directory Traversal
  103. Jacks FormMail.php Remote File Access Vulnerability
  104. PHP openlog() Buffer Overflow
  105. PHP Input Validation Vulnerabilities (addslashes, Windows Only)
  106. PHP Shmop Write of Arbitrary Memory (Exploit)
  107. Multiple Vulnerabilities within PHP 4/5 (pack, unpack, safe_mode_exec_dir, safe_mode, realpath, unserialize)
  108. PHP-Fusion SQL Injection (index.php)
  109. PHP memory_limit Exploit Code
  110. phpBugTracker bug.php SQL Injection
  111. PHP Array Heap Content Disclosure
  112. PHP-Nuke XSS Vulnerabilities Through AddMsg And Newsletter Features
  113. PHP-Nuke ViewAdmin Cross Site Scripting Bug
  114. PHP-FUSION Various Vulnerabilities
  115. PHP-Nuke Multiple Vulnerabilities (Journal, WebLinks And Statistics Module)
  116. PHPNuke Multiple Vulnerabilities in Search Module (Comments Search)
  117. PHP memory_limit Remote Vulnerability
  118. PHP strip_tags() bypass vulnerability
  119. PHP-Nuke Multiple Vulnerabilities (Reviews/Encyclopedia/FAQ Modules)
  120. PHP-Nuke Inadequate Security Give Rise to a Variety of Attack Methods
  121. PHP Win32 escapeshellcmd() and escapeshellarg() Input Validation Vulnerability
  122. XSS and Path Disclosure in Network Query Tool
  123. Protector System Multiple Vulnerabilities
  124. PhotoPost PHP Pro Multiple Vulnerabilities
  125. PHP-Nuke Cross Site Scripting Vulnerability (News, Reviews)
  126. Photopost PHP Pro SQL Injection Vulnerability
  127. PHP-Nuke "cid" SQL Injection
  128. AutoRank PHP SQL Injection Vulnerabilities
  129. Aardvark Topsites Multiple Vulnerabilities
  130. PHP-Nuke WebMail Command Execution Vulnerability (Mailattach)
  131. UPB Discussion Board/Web-Site Takeover
  132. PHP-Proxima Remote File Access Vulnerability
  133. PHP-Nuke "News" Module SQL Injection
  134. CGI SAPI Security Vulnerability
  135. Mambo PHP-Portal Vulnerability (XSS and Command Execution)
  136. PHPNuke Path Disclosure (Your_Account)
  137. PHP-Nuke mail CRLF Injection Vulnerabilities
  138. Networking Utils PHP Allows Execution of Arbitrary Code
  139. Denial of Service Vulnerability in Xeneo Web Server
  140. IMG Attack in The News 6 CMS Vulnerabilities
  141. Multiple Web Security Holes (TightAuction, PY-Membres, upb PB, MidiCart PHP, Pphlogger)
  142. XSS Bug in php(Reactor)
  143. PHP Debugging Function Script Injection Vulnerability
  144. PHP Source Injection in phpWebSite
  145. PHP fopen() CRLF Injection
  146. PHP Allows Bypassing of safe_mode And Injecting ASCII Control Chars With mail()
  147. PHPNuke Private Messaging Module Allows Compromising of Administrator Accounts
  148. Additional Details Released on PHP Security Vulnerability in Multipart FORM Data Handling
  149. PHP Security Vulnerability in Multipart FORM Data Handling
  150. Cross-Site Scripting Vulnerability in PHP Classifieds
  151. PHP Source Injection in PHP-Address
  152. PHP-Survey Global.INC Information Disclosure Vulnerability
  153. Posix_getpw* Ignores Safe_mode and Open_basedir Settings