Exposure of PHP

Programming languages
Exposure score: 829
Sites using PHP: 4,550,434
Exploited: 2
Critical: 43
Vexday analysis

With 1,079 catalogued CVEs, 74 of which appeared in the last 90 days alone, PHP has a volume of vulnerabilities that demands continuous monitoring. The active exploitation rate (2 entries in the KEV catalog, equivalent to 0.19% of the total) is below the catalog's overall average (0.45%), which does not eliminate the risk but indicates that the conversion of vulnerabilities into confirmed exploitation has been relatively contained. CVE-2024-4577 deserves special attention: it is currently the most dangerous flaw under active exploitation, with an EPSS of 0.9999, a value that signals a very high probability of exploitation, reinforcing the need to apply fixes immediately in exposed environments. The most recurrent flaw type, CWE-89 (SQL injection), combined with 43 critical vulnerabilities in the history, indicates that reviewing secure coding practices and updating versions remain priority controls for anyone operating PHP-based applications.

CVEs

1,079 results
CVE | Severity | Title | EPSS
CVE-2025-6154 | MEDIUM | PHPGurukul Hostel Management System login.inc.php sql injection | 0.4%
CVE-2025-4358 | MEDIUM | PHPGurukul Company Visitor Management System admin-profile.php sql injection | 0.4%
CVE-2026-33182 | MEDIUM | Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL | 0.4%
CVE-2024-5358 | MEDIUM | PHPGurukul Zoo Management System normal-search.php sql injection | 0.4%
CVE-2024-5359 | MEDIUM | PHPGurukul Zoo Management System foreigner-search.php sql injection | 0.4%
CVE-2025-15406 | MEDIUM | PHPGurukul Online Course Registration authorization | 0.4%
CVE-2024-10757 | MEDIUM | PHPGurukul Online Shopping Portal js_data.php cross site scripting | 0.4%
CVE-2024-10701 | MEDIUM | PHPGurukul Car Rental Portal search.php cross site scripting | 0.4%
CVE-2024-10300 | MEDIUM | PHPGurukul Medical Card Generation System View Enquiry Page view-enquiry.php sql injection | 0.4%
CVE-2024-10301 | MEDIUM | PHPGurukul Medical Card Generation System Search search-medicalcard.php sql injection | 0.4%
CVE-2025-48882 | HIGH | PHPOffice Math allows XXE when processing an XML file in the MathML format | 0.4%
CVE-2025-4060 | MEDIUM | PHPGurukul Notice Board System category.php sql injection | 0.4%
CVE-2025-4108 | MEDIUM | PHPGurukul Student Record System add-subject.php sql injection | 0.4%
CVE-2025-4505 | MEDIUM | PHPGurukul Apartment Visitors Management System category.php sql injection | 0.4%
CVE-2025-4508 | MEDIUM | PHPGurukul e-Diary Management System my-profile.php sql injection | 0.4%
CVE-2025-5358 | MEDIUM | PHPGurukul/Campcodes Cyber Cafe Management System bwdates-reports-details.php sql injection | 0.4%
CVE-2025-4925 | MEDIUM | PHPGurukul Daily Expense Tracker System expense-monthwise-reports-detailed.php sql injection | 0.4%
CVE-2025-4927 | MEDIUM | PHPGurukul Online Marriage Registration System between-dates-application-report.php sql injection | 0.4%
CVE-2025-4553 | MEDIUM | PHPGurukul Apartment Visitors Management System bwdates-reports-details.php sql injection | 0.4%
CVE-2025-4554 | MEDIUM | PHPGurukul Apartment Visitors Management System bwdates-passreports-details.php sql injection | 0.4%
