9 matches found
CVE-2025-22145
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...
[SECURITY] [DLA 4068-1] php-nesbot-carbon security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 25, 2025 https://wiki.debian.org/LTS -...
Debian dla-4068 : php-nesbot-carbon - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4068 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/...
Debian: Security Advisory (DLA-4068-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-22145
creationtimestamp| type| source ---|---|--- 2025-01-08 20:43:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113794680065130976 2025-01-08 21:13:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/840 2025-01-08 21:15:47+00:00| seen|...
CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...
CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...
CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...
CVE-2025-22145
Carbon (PHP DateTime extension) has a vulnerability where unsanitized input passed to Carbon::setLocale could lead to arbitrary file include if a PHP file is uploaded in a folder that is includable. This affects users of the Carbon extension and is mitigated by fixes in Carbon release 3.8.4 and 2...