l1nk3rlin/php_code_audit_project

l1nk3rlin/php_code_audit_project

Releases0

Stars192

该项目用来记录，我用来练手的PHP代码审计项目。

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-18086 ↗	Oct 9, 2018Tuesday, 9 October 2018, 20:29	—	6.5 MEDIUM
EmpireCMS v7.5 has an arbitrary file upload vulnerability in the LoadInMod function in e/class/moddofun.php, exploitable by logged-in users.
CVE-2018-12491 ↗	Jun 15, 2018Friday, 15 June 2018, 18:29	—	7.5 HIGH
PHPOK 4.9.032 has an arbitrary file upload vulnerability in the import_f function in framework/admin/modulec_control.php, as demonstrated by uploading a .php file within a .php.zip archive, a similar issue to CVE-2018-8944.
CVE-2018-12492 ↗	Jun 15, 2018Friday, 15 June 2018, 18:29	—	6.4 MEDIUM
PHPOK 4.9.032 has an arbitrary file deletion vulnerability in the delfile_f function in framework/admin/tpl_control.php.
CVE-2018-12045 ↗	Jun 8, 2018Friday, 8 June 2018, 01:29	—	7.5 HIGH
DedeCMS through V5.7SP2 allows arbitrary file upload in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=upload request with an upfile1 parameter, as demonstrated by uploading a .php file.
CVE-2018-12046 ↗	Jun 8, 2018Friday, 8 June 2018, 01:29	—	5 MEDIUM
DedeCMS through 5.7SP2 allows arbitrary file write in dede/file_manage_control.php via a dede/file_manage_view.php?fmdo=newfile request with name and str parameters, as demonstrated by writing to a new .php file.