Lucene search
K

39 matches found

Cvelist
Cvelist
added 2026/05/13 7:22 p.m.57 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:21 p.m.9 views

CVE-2026-42548

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...

8.6CVSS5.6AI score0.00341EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 7:21 p.m.32 views

CVE-2026-42548 Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp()

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...

8.6CVSS0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 7:21 p.m.11 views

CVE-2026-42548 Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp()

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...

8.6CVSS5.6AI score0.00341EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 7:21 p.m.14 views

CVE-2026-42548

Flight (PHP micro-framework) contains a reflected XSS in Flight::jsonp() prior to version 3.18.1, where the ?jsonp= parameter is concatenated into a JavaScript response without validating the callback name. This allows an attacker to inject arbitrary JavaScript that executes in the response origi...

8.6CVSS5.6AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Flight 跨站脚本漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...

8.6CVSS5.7AI score0.00341EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Flight 路径遍历漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 9:38 p.m.5 views

GHSA-VXRR-W42W-W76G Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References5
OSV
OSV
added 2026/05/06 9:34 p.m.5 views

GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 9:34 p.m.8 views

GHSA-FCX8-PH5R-MXR4 Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

8.6CVSS5.9AI score0.00341EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/06 9:34 p.m.14 views

Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

8.6CVSS5.9AI score0.00341EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-38270

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The Flight::jsonp function concatenates the jsonp query parameter directly into an application/javascript response body without validating if the value is a legal JavaScript identifier. This allows a...

8.6CVSS5.8AI score0.00341EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2014-9818

Malware in sbrugna...

7.5CVSS6.3AI score0.00421EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/05 9:16 a.m.9 views

CVE-2014-125127

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...

7.5CVSS7AI score0.00421EPSS
Exploits1References1
NVD
NVD
added 2025/09/03 9:15 a.m.6 views

CVE-2014-125127

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...

7.5CVSS0.00421EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/03 8:35 a.m.9 views

CVE-2014-125127 Denial of Service (DoS) vulnerability in mikecao/flight

The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...

7.5CVSS0.00421EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.4 views

Flight 安全漏洞

Flight is a PHP microframework by Mike Cao's personal developer. A security vulnerability exists in versions prior to Flight v1.2, which stems from eager loading of the request body in the constructor of the Request class, which could lead to a denial-of-service attack...

7.5CVSS6.5AI score0.00421EPSS
Exploits1References3
Rows per page
Query Builder