Exposure of PHP

Programming languages
829 exposure score
4,550,434 sites use
2 exploited
43 critical
Vexday analysis

With 1,079 CVEs catalogued and 74 appearing in the last 90 days alone, PHP has a volume of vulnerabilities that demands continuous monitoring. The active exploitation rate (2 entries in the KEV catalog, equivalent to 0.19% of the total) is below the overall catalog average (0.45%), which does not eliminate the risk but indicates that the conversion of vulnerabilities into confirmed exploitation has been relatively contained. CVE-2024-4577 deserves special attention: it is currently the most dangerous flaw under active exploitation, with an EPSS of 0.9999, a value that signals a very high probability of exploitation, which reinforces the need to apply fixes immediately in exposed environments. The most recurrent flaw type, CWE-89 (SQL injection), combined with 43 critical vulnerabilities in the history, indicates that reviewing secure coding practices and updating versions remain priority controls for anyone operating PHP-based applications.

CVEs

1,079 results
CVE-2025-10624 | MEDIUM | PHPGurukul User Management System login.php sql injection | EPSS 0.4%
CVE-2024-51754 | LOW | Unguarded calls to __toString() when nesting an object into an array in Twig | EPSS 0.4%
CVE-2025-3819 | MEDIUM | PHPGurukul Men Salon Management System search-appointment.php sql injection | EPSS 0.4%
CVE-2025-4039 | MEDIUM | PHPGurukul Rail Pass Management System search-pass.php sql injection | EPSS 0.4%
CVE-2025-5913 | MEDIUM | PHPGurukul Vehicle Record Management System search-vehicle.php sql injection | EPSS 0.4%
CVE-2026-6104 | MEDIUM | Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding | EPSS 0.4%
CVE-2023-6551 | MEDIUM | Stored XSS in class.upload.php | EPSS 0.4%
CVE-2024-5360 | MEDIUM | PHPGurukul Zoo Management System foreigner-bwdates-reports-details.php sql injection | EPSS 0.4%
CVE-2025-4550 | MEDIUM | PHPGurukul Apartment Visitors Management System pass-details.php sql injection | EPSS 0.4%
CVE-2025-4026 | MEDIUM | PHPGurukul Nipah Virus Testing Management System profile.php sql injection | EPSS 0.4%
CVE-2025-4027 | MEDIUM | PHPGurukul Old Age Home Management System rules.php sql injection | EPSS 0.4%
CVE-2025-11505 | MEDIUM | PHPGurukul Beauty Parlour Management System new-appointment.php sql injection | EPSS 0.4%
CVE-2025-11503 | MEDIUM | PHPGurukul Beauty Parlour Management System manage-services.php sql injection | EPSS 0.4%
CVE-2026-1424 | MEDIUM | PHPGurukul News Portal Profile Pic unrestricted upload | EPSS 0.4%
CVE-2025-4013 | MEDIUM | PHPGurukul Art Gallery Management System aboutus.php sql injection | EPSS 0.4%
CVE-2025-4005 | MEDIUM | PHPGurukul COVID19 Testing Management System patient-report.php sql injection | EPSS 0.4%
CVE-2025-4031 | MEDIUM | PHPGurukul Pre-School Enrollment System aboutus.php sql injection | EPSS 0.4%
CVE-2025-4004 | MEDIUM | PHPGurukul COVID19 Testing Management System password-recovery.php sql injection | EPSS 0.4%
CVE-2025-4014 | MEDIUM | PHPGurukul Art Gallery Management System manage-art-medium.php sql injection | EPSS 0.4%
CVE-2025-4033 | MEDIUM | PHPGurukul Nipah Virus Testing Management System patient-search-report.php sql injection | EPSS 0.4%
