4 matches found
CVE-2024-34515
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists...
@mean-expert/fireloop (>=1.0.0-alpha.8 <=1.0.0-beta.2.7), @shoutem/cli (>=0.10.5 <=0.13.5) +88 more potentially affected by unknown CVE via command-exists (>=0.1.1 <=1.2.2)
command-exists NPM version =0.1.1, =1.0.0-alpha.8, =0.10.5, =0.1.0, =1.0.0, =5.0.11, =0.0.8, =0.2.0, =0.0.14, =1.0.0, =0.0.7, =0.0.4, =0.6.1, =1.0.0, =1.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-CFF4-RRQ6-H78W...
phpcms 2007: update-type injection in the onunload.inc.php page, with EXP attached (bug warning, the black bar safety net)
Downloaded a copy of phpcms 2007 for analysis and found an update-type injection in module\movie\onunload.inc.php. query"UPDATE ". TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; ? $serverid is not filtered in any way and is also not enclosed in single quotation marks, so ignor...
Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
I'm afraid this change is wrong. file_exists is not the only...