Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:57 a.m.7 views

CVE-2024-47049

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

8.2CVSS6.8AI score0.00636EPSS
Exploits0References1
OSV
OSV
added 2024/09/17 3:31 p.m.9 views

GHSA-6RGH-R6J3-3223 czim/file-handling vulnerable to SSRF and directory traversal

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

8.2CVSS8.2AI score0.00636EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/09/17 3:31 p.m.22 views

czim/file-handling vulnerable to SSRF and directory traversal

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

8.2CVSS6.8AI score0.00636EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2024/09/17 2:42 p.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the makeFromUrl and makeFromAny methods. An attacker can read local files or perform server-side request forgery by supplying malicious URLs. PoC php / @var \Czim\FileHandling\Storage\File\StorableFileFacto...

8.2CVSS6.7AI score0.00636EPSS
Exploits0References2
NVD
NVD
added 2024/09/17 2:15 p.m.15 views

CVE-2024-47049

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

8.2CVSS0.00636EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/09/17 12:0 a.m.13 views

CVE-2024-47049

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

0.00636EPSS
Exploits0References1
OSV
OSV
added 2024/09/17 12:0 a.m.12 views

CVE-2024-47049

The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 used with PHP Composer does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files...

8.2CVSS6.3AI score0.00636EPSS
Exploits0References3
CVE
CVE
added 2024/09/17 12:0 a.m.63 views

CVE-2024-47049

CVE-2024-47049 affects czim/file-handling <1.5.0 and 2.x

8.2CVSS7.1AI score0.00636EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder