
1332 matches found

CNNVD
added 2023/05/30 12:00 a.m., 4 views

CodeIgniter Code Injection Vulnerability

CodeIgniter is an open source web framework written in the PHP language. A security vulnerability exists in CodeIgniter versions prior to 4.3.5 that stems from a problem with the validation method and in-model validation in the controller, allowing an attacker to execute arbitrary code...

CVSS 9.8, AI score 8.8, EPSS 0.01116
Exploits 0, References 3

Ubuntu
added 2023/05/29 12:12 p.m., 72 views

USN-6111-1: Flask vulnerability

It was discovered that Flask incorrectly handled certain data responses. An attacker could possibly use this issue to expose sensitive information...

CVSS 7.5, AI score 7.6, EPSS 0.0125
Exploits 1

CNNVD
added 2023/05/25 12:00 a.m., 1 view

NFine Rapid Development Platform Security Vulnerability

NFine Rapid Development Platform is a C-based, blazing-fast WEB + ORM framework for individual NFine developers. A security vulnerability exists in NFine Rapid Development Platform that originates from /SystemManage/User/GetGridJson?search=false&nd=1680855479750&rows=50&page=1&sidx=F...

CVSS 6.5, AI score 5.3, EPSS 0.00694
Exploits 1, References 4

Fedora
added 2023/05/16 1:29 a.m., 28 views

[SECURITY] Fedora 37 Update: python-django3-3.2.19-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 7, EPSS 0.0138
Exploits 0

OSV
added 2023/05/12 8:19 p.m., 81 views

GHSA-2C4M-59X9-FR2G Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

CVSS 4.3, AI score 4.6, EPSS 0.00482
Exploits 2, References 6

GitHub Security Blog
added 2023/05/12 8:19 p.m., 71 views

Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function

The filename parameter of the Context.FileAttachment function is not properly sanitized. A maliciously crafted filename can cause the Content-Disposition header to be sent with an unexpected filename value or otherwise modify the Content-Disposition header. For example, a filename of...

CVSS 4.3, AI score 6.3, EPSS 0.00482
Exploits 2, References 6, Affected Software 1

OpenVAS
added 2023/05/12 12:00 a.m., 19 views

Fedora: Security Advisory for python-django3 (FEDORA-2023-0d20d09f2d)

The remote host is missing an update for the...

CVSS 9.8, AI score 9.6, EPSS 0.0138
Exploits 0, References 2

Fedora
added 2023/05/11 2:06 a.m., 33 views

[SECURITY] Fedora 38 Update: python-django3-3.2.19-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 6.4, EPSS 0.0138
Exploits 0

OpenVAS
added 2023/04/29 12:00 a.m., 32 views

Fedora: Security Advisory for python-django (FEDORA-2023-a53ab7c969)

The remote host is missing an update for the...

CVSS 9.8, AI score 8.5, EPSS 0.73274
Exploits 6, References 2

Fedora
added 2023/04/28 2:37 a.m., 55 views

[SECURITY] Fedora 38 Update: python-django-4.0.10-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 8.9, EPSS 0.73274
Exploits 6

Fedora
added 2023/04/28 2:04 a.m., 47 views

[SECURITY] Fedora 37 Update: python-django-4.0.10-1.fc37

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 9.8, AI score 8.9, EPSS 0.73274
Exploits 6

OpenVAS
added 2023/04/06 12:00 a.m., 27 views

Fedora: Security Advisory for rubygem-rails (FEDORA-2023-7002afbbb8)

The remote host is missing an update for the...

CVSS 5.3, AI score 7.7, EPSS 0.00907
Exploits 0, References 2

Fedora
added 2023/04/05 1:36 a.m., 25 views

[SECURITY] Fedora 37 Update: rubygem-rails-7.0.4.3-1.fc37

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration...

CVSS 5.3, AI score 7.8, EPSS 0.00907
Exploits 0

Prion
added 2023/04/03 6:15 p.m., 10 views

Command injection

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVSS 6.5, AI score 9, EPSS 0.01579
Exploits 0, References 3, Affected Software 1

CVE
added 2023/04/03 5:55 p.m., 38 views

CVE-2023-28854

CVE-2023-28854 affects the nophp PHP web framework (versions prior to 0.0.1). The vulnerability is a shell command injection on the httpd user. A patch was released at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa (2023-03-30). Remediation: upgrade index.php to 2023-03-30 or later. As a workaro...

CVSS 8.8, AI score 8.7, EPSS 0.01579
Exploits 0, References 3, Affected Software 1

OSV
added 2023/04/03 5:55 p.m., 26 views

CVE-2023-28854 nophp vulnerable to shell command injection on httpd user when sending a password-setting mail or mail-login mail

nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function...

CVSS 8, AI score 8.9, EPSS 0.01579
Exploits 0, References 5

OpenVAS
added 2023/04/02 12:00 a.m., 24 views

Fedora: Security Advisory for rubygem-rails (FEDORA-2023-d6157bb1e2)

The remote host is missing an update for the...

CVSS 5.3, AI score 7.7, EPSS 0.00907
Exploits 0, References 2

Fedora
added 2023/04/01 12:17 a.m., 17 views

[SECURITY] Fedora 38 Update: rubygem-rails-7.0.4.3-1.fc38

Ruby on Rails is a full-stack web framework optimized for programmer happiness and sustainable productivity. It encourages beautiful code by favoring convention over configuration...

CVSS 5.3, AI score 7.8, EPSS 0.00907
Exploits 0

BDU FSTEC
added 2023/03/22 12:00 a.m., 2 views

The vulnerability of the AuUploader component in the ZK Framework, a web application development framework, allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the AuUploader component in the ZK Framework for web application development is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending a...

CVSS 7.8, AI score 7.6, EPSS 0.95335
Exploits 5, References 5, Affected Software 1

Fedora
added 2023/03/11 3:40 a.m., 45 views

[SECURITY] Fedora 38 Update: python-django3-3.2.18-1.fc38

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...

CVSS 7.5, AI score 7.6, EPSS 0.62575
Exploits 0