231 matches found

BDU FSTEC
added 2022/04/20 12:0 a.m., 3 views

The vulnerability of the ext/spl/spl_array.c component of the PHP interpreter allows an attacker to cause a service failure or potentially cause other effects.

The vulnerability of the ext/spl/spl_array.c component of the PHP interpreter exists due to insufficient checking of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures or potentially have other adverse effects using specially created serialized data...

CVSS: 10 | AI score: 7.5 | EPSS: 0.01858
Exploits: 1 | References: 11 | Affected Software: 3

BDU FSTEC
added 2022/03/30 12:0 a.m., 2 views

The vulnerability of the filter_var function in the PHP interpreter allows attackers to execute arbitrary code.

The vulnerability of the filter_var function in the PHP interpreter is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using specially crafted user input...

CVSS: 7.6 | AI score: 6.5
Exploits: 0 | References: 1

CNNVD
added 2022/03/28 12:0 a.m., 1 views

fenom security vulnerability

fenom is a lightweight and fast PHP template engine. fenom 2.12.1 and earlier versions are vulnerable to code injection, which stems from a failure to properly filter the construct command special characters, commands, etc. in the getTemplateCode function of fenom/src/Fenom/Template.php, which ca...

CVSS: 10 | AI score: 6.2 | EPSS: 0.00363
Exploits: 0 | References: 2

ATTACKERKB
added 2022/03/15 6:15 p.m., 0 views

CVE-2022-25495

The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...

CVSS: 9.8 | AI score: 6 | EPSS: 0.01056
Exploits: 1 | References: 2

OSV
added 2022/02/28 12:20 p.m., 6 views

USN-5303-1 php7.4, php8.0 vulnerability

It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00183
Exploits: 1 | References: 2

CNNVD
added 2022/02/04 12:0 a.m., 14 views

Sensio Labs Twig code injection vulnerability

Sensio Labs Twig is a PHP template engine from the French company Sensio Labs that supports custom tags and filters and the creation of DSLs. Sensio Labs Twig is vulnerable to injection, which can be exploited by attackers to run arbitrary PHP functions...

CVSS: 9.8 | AI score: 5.8 | EPSS: 0.21146
Exploits: 3 | References: 13

BDU FSTEC
added 2021/09/07 12:0 a.m., 3 views

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework, which allows a hacker to execute arbitrary PHP code.

The vulnerability of the Util/PHP/eval-stdin.php component of the PHPUnit framework is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary PHP code using a specially crafted HTTP POST request...

CVSS: 10 | AI score: 8 | EPSS: 0.9421
Exploits: 19 | References: 4 | Affected Software: 1

CNNVD
added 2021/07/02 12:0 a.m., 1 views

elFinder security vulnerability

elFinder is an open source AJAX file manager based on the Drupal platform. The product provides multiple file uploads, image scaling and other features. A security vulnerability exists in ElFinder 2.1.47 and earlier versions, which stems from a command injection vulnerability in the program's P...

AI score: 5.4
Exploits: 0 | References: 1

NVD
added 2021/03/03 5:15 p.m., 12 views

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization...

CVSS: 8.8 | EPSS: 0.03381
Exploits: 0 | References: 1

Cvelist
added 2021/03/03 4:30 p.m., 20 views

CVE-2021-20076

Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated, unprivileged user to perform Remote Code Execution (RCE) on the Tenable.sc server via Hypertext Preprocessor unserialization...

AI score: 9.3 | EPSS: 0.03381
Exploits: 0 | References: 1

CVE
added 2021/03/03 4:30 p.m., 69 views

CVE-2021-20076

CVE-2021-20076 affects Tenable.sc and Tenable.sc Core versions 5.13.0–5.17.0. The vulnerability allows an authenticated, unprivileged user to achieve Remote Code Execution on the Tenable.sc server through PHP unserialization. The available connected documentation consistently describes the issue ...

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.03381
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2021/03/03 12:0 a.m., 60 views

Tenable SecurityCenter 5.13.0 - 5.17.0 Remote Code Execution (TNS-2021-03)

According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is in the 5.13.0 through 5.17.0 version range. Tenable.sc and Tenable.sc Core versions 5.13.0 through 5.17.0 were found to contain a vulnerability that could allow an authenticated,...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.03381
Exploits: 0 | References: 2

CNNVD
added 2021/02/02 12:0 a.m., 4 views

Ucopia Express License Issues Vulnerability

Ucopia Express is a device used to manage Wifi used by the French company Ucopia. A security vulnerability exists in Ucopia Express 6.0.5 that allows the use of chroothole client PHP calls to execute arbitrary code with root privileges...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.00066
Exploits: 5 | References: 4

BDU FSTEC
added 2021/01/14 12:0 a.m., 1 views

The vulnerability of the PHP programming language interpreter, related to the assignment of the null pointer, allows attackers to trigger a service failure.

The vulnerability of the PHP programming language interpreter is related to the use of a null pointer. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01213
Exploits: 1 | References: 15 | Affected Software: 5

CNVD
added 2020/11/20 12:0 a.m., 1 views

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69476)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

AI score: 6.6
Exploits: 0

CNVD
added 2020/11/20 12:0 a.m., 1 views

PHP interpreter has an out-of-bounds read vulnerability

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

AI score: 6.6
Exploits: 0

CNVD
added 2020/11/20 12:0 a.m., 1 views

PHP interpreter suffers from an out-of-bounds read vulnerability (CNVD-2020-69474)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. An out-of-bounds read vulnerability exists in the PHP interpreter, which can be exploited by an attacker to...

AI score: 6.6
Exploits: 0

CNVD
added 2020/11/11 12:0 a.m., 3 views

Command execution vulnerability exists in MyuCMS (CNVD-2020-67557)

The MyuCMS front end is built with the UIkit framework, the back-end interface is built with the layui framework, and the back end is developed with PHP + MySQL. MyuCMS has a command execution vulnerability that can be exploited by attackers to gain server control privileges...

AI score: 7.5
Exploits: 0

CNVD
added 2020/10/01 12:0 a.m., 2 views

SQL Injection Vulnerability in PHP Version of Nettie CMS

OTCMS (Nettie CMS) is an article-based web content management system (CMS). A SQL injection vulnerability exists in the PHP version of OTCMS, which can be exploited by attackers to obtain sensitive information from the database...

AI score: 7.7
Exploits: 0

Gitee
added 2020/07/06 7:43 p.m., 8 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm (CVE-2019-11043). The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit targets the "PHP_VALUE" directive in the php.ini file, which...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.94053
Exploits: 54