10 matches found
CVE-2026-57584
Phalcon (PHP framework) is affected by a ReDoS in the default MVC router. Prior to 5.15.0, the built‑in router registers a route whose PCRE pattern contains a nested quantifier, and Phalcon\Mvc\Router::handle() matches this against the request URI on every request. A crafted path (e.g., repeated ...
CVE-2026-54736
Technical details (affected versions, root cause specifics, and remediation beyond what is in the Initial Description) are not publicly available in the provided documents; monitor for updates.
EUVD-2017-15029
Malware in sbrugna...
Invo PhalconPHP 1.x Database Configuration Disclosure
Exploit Title : Unvo PhalconPHP 1.x Database Config Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 14/02/2019 Vendor Homepage : phalconphp.com Software Download Link : github.com/phalcon/invo/archive/master.zip Software Information Link :...
Phalcon Eye Arbitrary Code Execution Vulnerability
Phalcon is an extension implemented in C. Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tools provide features such as service provisioning, configuration management, and reporting status. An arbitrary code execution vulnerability exists in Phalcon Ey...
CVE-2017-5960
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-5960
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
Authorization
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-5960
An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...
CVE-2017-5960
CVE-2017-5960 affects Phalcon Eye up to version 0.4.1. The issue stems from insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php, enabling an attacker to cause the browser to execute arbitra...