Lucene search
+L

15 matches found

euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-1967

Malware in sbrugna...

10CVSS9.2AI score0.02714EPSS
Exploits1References13
osv
osv
added 2021/09/01 6:36 p.m.52 views

GHSA-4574-QV3W-FCMG Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

9.8CVSS9.6AI score0.02714EPSS
Exploits1References11
github
github
added 2021/09/01 6:36 p.m.42 views

Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS4.3AI score0.02714EPSS
Exploits1References10Affected Software1
nvd
nvd
added 2021/08/11 1:15 p.m.30 views

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS0.02714EPSS
Exploits1References4
osv
osv
added 2021/08/11 1:15 p.m.19 views

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

9.8CVSS7.1AI score
Exploits0References4
prion
prion
added 2021/08/11 1:15 p.m.14 views

Input validation

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS9.5AI score0.02714EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2021/08/11 12:15 p.m.33 views

CVE-2021-23420 Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

7.7CVSS9.8AI score0.02714EPSS
Exploits1References4
cve
cve
added 2021/08/11 12:15 p.m.86 views

CVE-2021-23420

CVE-2021-23420 affects codeception/codeception (versions 4.0.0–4.1.21 and 3.0.x–3.1.2 are implied by the version bounds) where the RunProcess class can be used as a gadget to execute arbitrary commands during deserialization of unvalidated user input. This is a deserialization vulnerability in th...

10CVSS8.8AI score0.02714EPSS
Exploits1References4Affected Software1
attackerkb
attackerkb
added 2021/08/11 12:13 p.m.1 views

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS5.6AI score0.02714EPSS
Exploits1References5
cnnvd
cnnvd
added 2021/08/11 12:0 a.m.5 views

codeception 代码问题漏洞

codeception is an open source PHP full-stack testing framework. A security vulnerability exists in codeception, which stems from a problem with codeception from 4.0.0 and before 4.1.22 and before 3.1.3. The RunProcess class can be used as a gadget to run arbitrary commands on a system that can...

10CVSS8.4AI score0.02714EPSS
Exploits1References5
snyk
snyk
added 2021/08/09 11:33 a.m.2 views

Deserialization of Untrusted Data

Overview codeception/codeception is a Full-stack testing PHP framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validatio...

10CVSS7.2AI score0.02714EPSS
Exploits1References2
zdt
zdt
added 2019/05/01 12:0 a.m.52 views

HumHub 1.3.12 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

0.02627EPSS
Exploits5
exploitpack
exploitpack
added 2019/04/30 12:0 a.m.65 views

HumHub 1.3.12 - Cross-Site Scripting

HumHub 1.3.12 - Cross-Site Scripting Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

4.3CVSS6.1AI score0.02627EPSS
Exploits5
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.32 views

Deserialization of Untrusted Data

Description This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. References...

10CVSS9.1AI score0.02714EPSS
Exploits1Affected Software1
friendsofphp
friendsofphp
added 1970/01/01 12:0 a.m.50 views

Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS9.6AI score0.02714EPSS
Exploits1Affected Software1
Rows per page
Query Builder