8 matches found
CVE-2024-47049
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
GHSA-6RGH-R6J3-3223 czim/file-handling vulnerable to SSRF and directory traversal
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
czim/file-handling vulnerable to SSRF and directory traversal
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation via the makeFromUrl and makeFromAny methods. An attacker can read local files or perform server-side request forgery by supplying malicious URLs. PoC php / @var \Czim\FileHandling\Storage\File\StorableFileFacto...
CVE-2024-47049
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
CVE-2024-47049
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
CVE-2024-47049
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...
CVE-2024-47049
CVE-2024-47049 affects czim/file-handling <1.5.0 and 2.x