
24 matches found

RedhatCVE
added 2026/01/09 11:25 a.m., 1 view

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

CVSS 7.2 | AI score 7.1 | EPSS 0.00837
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2016-8267

Malware in sbrugna...

CVSS 9.8 | AI score 8.5 | EPSS 0.01496
Exploits 1 | References 16

RedhatCVE
added 2025/02/26 12:26 a.m., 5 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

CVSS 5.3 | AI score 7.8 | EPSS 0.00632
Exploits 0 | References 1

OSV
added 2025/02/24 11:15 p.m., 1 view

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

CVSS 5.3 | AI score 6.1 | EPSS 0.00632
Exploits 0 | References 1

CVE
added 2025/02/24 12:0 a.m., 53 views

CVE-2024-57685

CVE-2024-57685 affects sparkshop v1.1.7 and earlier. The issue allows remote code execution via a crafted phar file. According to the linked data, the flaw has CVSS 3.1 base score 5.3 (NETWORK, LOW attack complexity, NONE privileges, NONE user interaction, I-LA, S-U). No explicit remediation or p...

CVSS 5.3 | AI score 8 | EPSS 0.00632
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2025/02/24 12:0 a.m., 4 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

AI score 5.8 | EPSS 0.00632
Exploits 0 | References 1

Cvelist
added 2025/02/24 12:0 a.m., 7 views

CVE-2024-57685

An issue in sparkshop v.1.1.7 and before allows a remote attacker to execute arbitrary code via a crafted phar file...

EPSS 0.00632
Exploits 0 | References 1

CNNVD
added 2025/02/24 12:0 a.m., 2 views

Xingyuantu SparkShop Security Vulnerability

Xingyuantu SparkShop is an open source shopping center from Xingyuantu, a Chinese company. A security vulnerability exists in Xingyuantu SparkShop v1.1.7 and earlier versions, which can be exploited for remote code execution via a specially crafted phar file...

CVSS 5.3 | AI score 7.8 | EPSS 0.00632
Exploits 0 | References 2

RedHat Linux
added 2024/12/11 4:20 p.m., 3 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

CVSS 9.8 | AI score 6 | EPSS 0.29385
Exploits 3 | References 7

OSV
added 2024/03/06 10:51 a.m., 11 views

BIT-CIVICRM-2020-36388

In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive...

CVSS 8.8 | AI score 8.6 | EPSS 0.00665
Exploits 1 | References 2

RedHat Linux
added 2023/10/19 1:33 p.m., 2 views

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

CVSS 9.8 | AI score 7.5 | EPSS 0.29385
Exploits 3 | References 7

RedHat Linux
added 2023/10/19 1:19 p.m., 1 view

php: phar Buffer mismanagement

A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing...

CVSS 9.8 | AI score 7.5 | EPSS 0.29385
Exploits 3 | References 7

NVD
added 2023/05/08 2:15 p.m., 10 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

CVSS 7.2 | AI score 6.8 | EPSS 0.00837
Exploits 1 | References 2

CNNVD
added 2023/05/08 12:0 a.m., 2 views

CMS Made Simple Code Issue Vulnerability

CMS Made Simple (CMSMS) is an open source content management system (CMS) by the CMSMS team. The system supports role-based permission management, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...

CVSS 7.2 | AI score 7 | EPSS 0.00837
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 5:58 a.m., 1 view

SUSE CVE-2010-2094

Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) and possibly execute arbitrary code via a crafted phar:// URI that is not properly handled by the (1) phar_stream_flush, (2)...

CVSS 6.8 | AI score 7.7 | EPSS 0.03086
Exploits 1 | References 6

Prion
added 2022/04/15 8:15 p.m., 17 views

Server-side request forgery (SSRF)

A Server-Side Request Forgery (SSRF) in Chamilo LMS v1.11.13 allows attackers to enumerate the internal network and execute arbitrary system commands via a crafted Phar file...

CVSS 6.5 | AI score 8.7 | EPSS 0.00395
Exploits 0 | References 1 | Affected Software 1

Veracode
added 2019/05/16 2:59 a.m., 36 views

Denial Of Service (DoS) Through Memory Corruption

PHP is vulnerable to denial of service (DoS) attacks. The vulnerability exists in the ZIP signature-verification feature in PHP. Remote attackers could cause a denial of service or possibly have unspecified other impact via a crafted PHAR archive, related to ext/phar/util.c and ext/phar/zip.c...

CVSS 9.8 | AI score 9.4 | EPSS 0.01496
Exploits 1 | References 12 | Affected Software 1

CNVD
added 2019/05/09 12:0 a.m., 1 view

TYPO3 PharStreamWrapper Remote Code Execution Vulnerability

TYPO3 PharStreamWrapper is an interceptor for stream processing from the Swiss TYPO3 Association. In the TYPO3/PharStreamWrapper package, a third-party library used by Drupal core, 2.x before 2.1.1 and 3.x before 3.1.1, the deserialization protection mechanism can be bypassed, leading to...

CVSS 9.8 | AI score 8.2 | EPSS 0.28615
Exploits 0 | References 1

RedHat Linux
added 2018/05/03 5:6 a.m., 1 view

php: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile

The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via a crafted PHA...

CVSS 9.8 | AI score 7.4 | EPSS 0.01496
Exploits 1 | References 4

CNVD
added 2017/02/16 12:0 a.m., 1 view

PHP buffer overflow vulnerability (CNVD-2017-01945)

PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, program extensions written in C and C++, and so on. A...

CVSS 9.8 | AI score 9.1 | EPSS 0.06501
Exploits 0 | References 1