3 matches found
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...
CVE-2025-71282 XenForo Path Disclosure via open_basedir Exceptions
XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by openbasedir restrictions. This allows an attacker to obtain information about the server's directory structure...
CVE-2023-47639 API Platform Core can leak exceptions message that may contain sensitive information
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5...