Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.6 views

CVE-2025-22145

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

6.3CVSS7.2AI score0.00708EPSS
Exploits0References1
Debian
Debian
added 2025/02/25 11:44 a.m.8 views

[SECURITY] [DLA 4068-1] php-nesbot-carbon security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 25, 2025 https://wiki.debian.org/LTS -...

6.3CVSS6.5AI score0.00708EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/02/25 12:0 a.m.5 views

Debian dla-4068 : php-nesbot-carbon - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4068 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/...

6.3CVSS5.5AI score0.00708EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/02/25 12:0 a.m.5 views

Debian: Security Advisory (DLA-4068-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3CVSS7.1AI score0.00708EPSS
Exploits0References2
Circl
Circl
added 2025/01/08 8:43 p.m.9 views

CVE-2025-22145

creationtimestamp| type| source ---|---|--- 2025-01-08 20:43:41+00:00| seen| https://infosec.exchange/users/cve/statuses/113794680065130976 2025-01-08 21:13:58+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/840 2025-01-08 21:15:47+00:00| seen|...

6.3CVSS5.7AI score0.00708EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/01/08 8:40 p.m.17 views

CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

6.3CVSS0.00708EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/08 8:40 p.m.6 views

CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

6.3CVSS6.8AI score0.00708EPSS
Exploits0References2
OSV
OSV
added 2025/01/08 8:40 p.m.7 views

CVE-2025-22145 Carbon has an arbitrary file include via unvalidated input passed to Carbon::setLocale

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

6.3CVSS7.2AI score0.00708EPSS
Exploits0References5
CVE
CVE
added 2025/01/08 8:40 p.m.3447 views

CVE-2025-22145

Carbon (PHP DateTime extension) has a vulnerability where unsanitized input passed to Carbon::setLocale could lead to arbitrary file include if a PHP file is uploaded in a folder that is includable. This affects users of the Carbon extension and is mitigated by fixes in Carbon release 3.8.4 and 2...

6.3CVSS7AI score0.00708EPSS
Exploits0References3
Rows per page
Query Builder