EUVD-2021-1967

Malware in sbrugna...

GHSA-4574-QV3W-FCMG Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

Deserialization of Untrusted Data in codeception/codeception

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

Input validation

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

CVE-2021-23420

CVE-2021-23420 affects codeception/codeception (versions 4.0.0–4.1.21 and 3.0.x–3.1.2 are implied by the version bounds) where the RunProcess class can be used as a gadget to execute arbitrary commands during deserialization of unvalidated user input. This is a deserialization vulnerability in th...

CVE-2021-23420 Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

CVE-2021-23420

This affects the package codeception/codeception from 4.0.0 and before 4.1.22, before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

codeception 代码问题漏洞

codeception is an open source PHP full-stack testing framework. A security vulnerability exists in codeception, which stems from a problem with codeception from 4.0.0 and before 4.1.22 and before 3.1.3. The RunProcess class can be used as a gadget to run arbitrary commands on a system that can...

Deserialization of Untrusted Data

Overview codeception/codeception is a Full-stack testing PHP framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validatio...

HumHub 1.3.12 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

HumHub 1.3.12 - Cross-Site Scripting

HumHub 1.3.12 - Cross-Site Scripting Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...

Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

Deserialization of Untrusted Data

Description This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. References...