17 matches found

Circl
added 2024/02/26 10:11 a.m., 2 views

CVE-2019-18888

creationtimestamp | type | source
---|---|---
2024-02-26 10:11:59+00:00 | seen | https://t.me/ctinow/193214...

7.5 CVSS | 7.2 AI score | 0.0231 EPSS
Exploits: 0 | References: 1

CVE
added 2021/05/06 5:37 p.m., 41 views

CVE-2020-18888

The CVE-2020-18888 entry concerns puppyCMS v5.1 with an Arbitrary File Deletion vulnerability. According to the documents, a remote attacker can delete files/folders via the vulnerable endpoint /admin/functions.php, due to insufficient path validation/restrictions. The issue is described across m...

7.5 CVSS | 7.5 AI score | 0.0016 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Circl
added 2020/06/19 10:55 p.m., 3 views

CVE-2017-18888

creationtimestamp | type | source
---|---|---
2020-06-19 22:55:24+00:00 | seen | https://t.me/cibsecurity/12919...

9.8 CVSS | 7.9 AI score | 0.00277 EPSS
Exploits: 0 | References: 1

CVE
added 2020/06/19 6:10 p.m., 40 views

CVE-2017-18888

Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 is vulnerable to SQL injection during the fetching of multiple posts. Root cause is likely unsafe SQL handling in post-fetch logic. The vulnerability impacts Mattermost Server (versions listed); no exploit details are provided. Remediation per the ...

9.8 CVSS | 9.8 AI score | 0.00277 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2019/11/22 12:0 a.m., 35 views

Fedora 31 : php-symfony3 (2019-8b0ba02338)

Version 3.4.35 2019-11-13 - bug 34344 Console Constant STDOUT might be undefined nicolas-grekas - security cve-2019-18889 Cache forbid serializing AbstractAdapter and TagAwareAdapter instances nicolas-grekas - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading da...

9.8 CVSS | 7.6 AI score | 0.05134 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2019/11/22 12:0 a.m., 27 views

Fedora 30 : php-symfony (2019-9c2ad3b018)

Version 2.8.52 2019-11-13 - security cve-2019-18888 HttpFoundation fix guessing mime-types of files with leading dash nicolas-grekas - security cve-2019-18887 HttpKernel Use constant time comparison in UriSigner stof Note that Tenable Network Security has extracted the preceding description block...

8.1 CVSS | 7.4 AI score | 0.0231 EPSS
Exploits: 0 | References: 3

OSV
added 2019/11/21 11:15 p.m., 0 views

UBUNTU-CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5 CVSS | 7.2 AI score | 0.0231 EPSS
Exploits: 0 | References: 5

CVE
added 2019/11/21 10:19 p.m., 156 views

CVE-2019-18888

Summary: CVE-2019-18888 affects Symfony components (2.8.x, 3.4.x, 4.2.x, 4.3.x) where unvalidated user input could influence the file argument passed to the underlying file command during MIME type validation in HttpFoundation (and Mime in 4.3.x). Impact (as described): If an application passes u...

7.5 CVSS | 7.5 AI score | 0.0231 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

Debian CVE
added 2019/11/21 10:19 p.m., 34 views

CVE-2019-18888

An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command...

7.5 CVSS | 7.5 AI score | 0.0231 EPSS
Exploits: 0

Debian
added 2019/11/19 1:38 a.m., 103 views

[SECURITY] [DLA 1999-1] symfony security update

Package : symfony Version : 2.3.21+dfsg-4+deb8u6 CVE ID : CVE-2019-18886 CVE-2019-18887 CVE-2019-18888 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a timing attack/information leak, argument injection and code execution via unserialization. For Debian ...

8.1 CVSS | 7.1 AI score | 0.0231 EPSS
Exploits: 0

Debian
added 2019/11/18 10:4 p.m., 92 views

[SECURITY] [DSA 4573-1] symfony security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq -...

9.8 CVSS | 8.8 AI score | 0.05134 EPSS
Exploits: 0

Friends Of PHP
added 2019/11/13 8:0 a.m., 18 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5 CVSS | 7.2 AI score | 0.0231 EPSS
Exploits: 0 | Affected Software: 1

Symfony
added 2019/11/13 12:0 a.m., 40 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

Affected versions Symfony 2.8.0 to 2.8.51, 3.4.0 to 3.4.34, 4.2.0 to 4.2.11 and 4.3.0 to 4.3.7 versions of the Symfony HttpFoundation component are affected by this security issue. Symfony 4.3.0 to 4.3.7 versions of the Symfony Mime component are affected by this security issue. The issue has bee...

7.5 CVSS | 7.7 AI score | 0.0231 EPSS
Exploits: 0

OSV
added 2018/11/01 1:29 a.m., 1 views

CVE-2018-18888

An issue was discovered in laravelCMS through 2018-04-02. \app\Http\Controllers\Backend\ProfileController.php allows upload of arbitrary PHP files because the file extension is not properly checked and uploaded files are not properly renamed...

9.8 CVSS | 5.9 AI score | 0.00411 EPSS
Exploits: 1 | References: 1

CVE
added 2018/11/01 1:0 a.m., 42 views

CVE-2018-18888

The CVE-2018-18888 entry concerns laravelCMS prior to or through 2018-04-02 where the upload mechanism in app/Http/Controllers/Backend/ProfileController.php does not properly validate file extensions and does not rename uploaded files, allowing uploading of arbitrary PHP files. This is reported a...

9.8 CVSS | 9.5 AI score | 0.00411 EPSS
Exploits: 1 | References: 1 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 25 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5 CVSS | 7.2 AI score | 0.0231 EPSS
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 1970/01/01 12:0 a.m., 23 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5 CVSS | 7.2 AI score | 0.0231 EPSS
Exploits: 0 | Affected Software: 1