Exposure of PHP

Programming languages
829 exposure score
4,550,434 sites use
2 exploited
43 critical
Vexday analysis

With 1,079 CVEs catalogued and 74 that appeared in the last 90 days alone, PHP presents a volume of vulnerabilities that requires continuous monitoring. The active exploitation rate (2 entries in the KEV catalog, equivalent to 0.19% of the total) is below the overall catalog average (0.45%), which does not eliminate the risk but indicates that the conversion of vulnerabilities into confirmed exploitation has been relatively contained. CVE-2024-4577 deserves special attention: it is currently the most dangerous flaw under active exploitation, with an EPSS of 0.9999, a value that signals a very high probability of exploitation, reinforcing the need to apply fixes immediately in exposed environments. The most recurrent flaw type, CWE-89 (SQL injection), combined with 43 critical vulnerabilities in the history, indicates that reviewing secure coding practices and updating versions remain priority controls for anyone operating PHP-based applications.

CVEs

1,079 results
CVE-2025-4939 | MEDIUM | PHPGurukul Credit Card Application Management System new-ccapplication.php cross site scripting | EPSS 0.4%
CVE-2025-3229 | MEDIUM | PHPGurukul Restaurant Table Booking System edit-subadmin.php sql injection | EPSS 0.4%
CVE-2025-6310 | MEDIUM | PHPGurukul Emergency Ambulance Hiring Portal index.php sql injection | EPSS 0.4%
CVE-2025-6300 | MEDIUM | PHPGurukul Employee Record Management System editempeducation.php sql injection | EPSS 0.4%
CVE-2025-5860 | MEDIUM | PHPGurukul Maid Hiring Management System search-booking-request.php sql injection | EPSS 0.4%
CVE-2025-6322 | MEDIUM | PHPGurukul Pre-School Enrollment System visit.php sql injection | EPSS 0.4%
CVE-2025-6323 | MEDIUM | PHPGurukul Pre-School Enrollment System enrollment.php sql injection | EPSS 0.4%
CVE-2025-5370 | MEDIUM | PHPGurukul News Portal forgot-password.php sql injection | EPSS 0.4%
CVE-2025-5706 | MEDIUM | PHPGurukul Human Metapneumovirus Testing Management System new-user-testing.php sql injection | EPSS 0.4%
CVE-2025-5367 | MEDIUM | PHPGurukul Online Shopping Portal Project category.php sql injection | EPSS 0.4%
CVE-2025-5599 | MEDIUM | PHPGurukul Student Result Management System editmyexp.php sql injection | EPSS 0.4%
CVE-2025-6318 | MEDIUM | PHPGurukul Pre-School Enrollment System check_availability.php sql injection | EPSS 0.4%
CVE-2025-24529 | MEDIUM | An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. | EPSS 0.4%
CVE-2024-10155 | MEDIUM | PHPGurukul Boat Booking System Book a Boat Page book-boat.php cross site scripting | EPSS 0.4%
CVE-2024-10755 | MEDIUM | PHPGurukul Online Shopping Portal empty_table.php cross site scripting | EPSS 0.4%
CVE-2024-13084 | MEDIUM | PHPGurukul Land Record System search-property.php sql injection | EPSS 0.4%
CVE-2024-10756 | MEDIUM | PHPGurukul Online Shopping Portal html_table.php cross site scripting | EPSS 0.4%
CVE-2024-10754 | MEDIUM | PHPGurukul Online Shopping Portal dymanic_table.php cross site scripting | EPSS 0.4%
CVE-2024-10298 | MEDIUM | PHPGurukul Medical Card Generation System Managecard Edit Card Detail Page edit-card-detail.php sql injection | EPSS 0.4%
CVE-2025-4862 | MEDIUM | PHPGurukul Directory Management System searchdata.php cross site scripting | EPSS 0.4%
