Lucene search
+L

24 matches found

redhatcve
redhatcve
added 2026/01/09 11:25 a.m.4 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2CVSS7.1AI score0.01294EPSS
Exploits1References1
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-8267

Malware in sbrugna...

9.8CVSS8.5AI score0.06842EPSS
Exploits1References16
redhatcve
redhatcve
added 2025/02/26 12:26 a.m.8 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.3CVSS7.8AI score0.00403EPSS
Exploits0References1
osv
osv
added 2025/02/24 11:15 p.m.6 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.3CVSS6.1AI score0.00403EPSS
Exploits0References1
cnnvd
cnnvd
added 2025/02/24 12:0 a.m.5 views

Xingyuantu SparkShop 安全漏洞

Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop v1.1.7 and earlier versions, which can be exploited for remote code execution via a specially crafted phar file...

5.3CVSS7.8AI score0.00403EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/02/24 12:0 a.m.5 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

5.8AI score0.00403EPSS
Exploits0References1
cvelist
cvelist
added 2025/02/24 12:0 a.m.14 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

0.00403EPSS
Exploits0References1
cve
cve
added 2025/02/24 12:0 a.m.68 views

CVE-2024-57685

CVE-2024-57685 affects sparkshop v1.1.7 and earlier. The issue allows remote code execution via a crafted phar file. According to the linked data, the flaw has CVSS 3.1 base score 5.3 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction, I-LA, S-U). No explicit remediation or p...

5.3CVSS8AI score0.00403EPSS
Exploits0References1Affected Software1
redhat
redhat
added 2024/12/11 4:20 p.m.6 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

9.8CVSS6AI score0.08003EPSS
Exploits3References7
osv
osv
added 2024/03/06 10:51 a.m.15 views

BIT-CIVICRM-2020-36388

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive...

8.8CVSS8.6AI score0.01478EPSS
Exploits1References2
redhat
redhat
added 2023/10/19 1:33 p.m.21 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

9.8CVSS7.5AI score0.08003EPSS
Exploits3References7
redhat
redhat
added 2023/10/19 1:19 p.m.3 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phardirread function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

9.8CVSS7.5AI score0.08003EPSS
Exploits3References7
nvd
nvd
added 2023/05/08 2:15 p.m.28 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2CVSS6.8AI score0.01294EPSS
Exploits1References2
cnnvd
cnnvd
added 2023/05/08 12:0 a.m.5 views

CMS Made Simple 代码问题漏洞

CMS Made Simple CMSMS is an open source content management system CMS by Cmsms team. The system supports role-based permission management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

7.2CVSS7AI score0.01294EPSS
Exploits1References3
susecve
susecve
added 2023/02/15 5:58 a.m.6 views

SUSE CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information memory contents and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the 1 pharstreamflush, 2...

6.8CVSS7.7AI score0.12652EPSS
Exploits1References6
prion
prion
added 2022/04/15 8:15 p.m.21 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file...

6.5CVSS8.7AI score0.00801EPSS
Exploits0References1Affected Software1
veracode
veracode
added 2019/05/16 2:59 a.m.38 views

Denial Of Service (DoS) Through Memory Corruption

PHP is vulnerable to denial of service DoS attacks. The vulnerability exists in the ZIP signature-verification feature in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c...

9.8CVSS9.4AI score0.06842EPSS
Exploits1References12Affected Software1
cnvd
cnvd
added 2019/05/09 12:0 a.m.2 views

TYPO3 PharStreamWrapper Remote Code Execution Vulnerability

TYPO3 PharStreamWrapper is an interceptor for stream processing from the Swiss TYPO3 Association. Drupal core third-party class library TYPO3/PharStreamWrapper package 2.1.1 before version 2.x and 3.1.1 before version 3.x there is a deserialization protection mechanism can be bypassed leading to...

9.8CVSS8.2AI score0.05586EPSS
Exploits0References1
redhat
redhat
added 2018/05/03 5:6 a.m.5 views

php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressedfilesize field is large enough, which allows remote attackers to cause a denial of service out-of-bounds memory access or possibly have unspecified other impact via a crafted PHA...

9.8CVSS7.4AI score0.06842EPSS
Exploits1References4
cnvd
cnvd
added 2017/02/16 12:0 a.m.5 views

PHP buffer overflow vulnerability (CNVD-2017-01945)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

9.8CVSS9.1AI score0.07322EPSS
Exploits0References1
Rows per page
Query Builder