(Sorry if I am posting in wrong category…)
I am looking for tools capable of finding vulnerable (with known vulnerabilities) PHP components on hosting servers… Is OpenVAS is suitable for that? For example: would OpenVAS detect “phpmailer 6.0.5” somewhere on the filesystem (website’s home)?
OpenVAS definetely has a signature for CVE-2018-19296…
Does it makes any difference whether package is installed via OS package manager, dependency manager (“composer” in case of PHP?) or is just copied somewhere to the filesystem?