39 matches found
CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...
CVE-2026-42548
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...
CVE-2026-42548 Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp()
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...
CVE-2026-42548 Flight: Reflected XSS via unvalidated JSONP callback in Flight::jsonp()
Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that...
CVE-2026-42548
Flight (PHP micro-framework) contains a reflected XSS in Flight::jsonp() prior to version 3.18.1, where the ?jsonp= parameter is concatenated into a JavaScript response without validating the callback name. This allows an attacker to inject arbitrary JavaScript that executes in the response origi...
Flight 跨站脚本漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of Flight::jsonp, which directly connected the “?jsonp=” query parameter to the application/javascript response body. No...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a security vulnerability. This vulnerability stemmed from the default error handling mechanism Engine::error, which wrote the entire exception message into the HTTP 500 response. Without debugging...
Flight 路径遍历漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...
GHSA-VXRR-W42W-W76G Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass
Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...
GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root
Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...
GHSA-FCX8-PH5R-MXR4 Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()
Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...
Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()
Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...
PT-2026-38270
Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The Flight::jsonp function concatenates the jsonp query parameter directly into an application/javascript response body without validating if the value is a legal JavaScript identifier. This allows a...
EUVD-2014-9818
Malware in sbrugna...
CVE-2014-125127
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
CVE-2014-125127
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
CVE-2014-125127 Denial of Service (DoS) vulnerability in mikecao/flight
The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service DoS attacks due to eager loading of request bodies in the Request class constructor. The framework automatically reads the entire request body on every HTTP request, regardless of whether the application...
Flight 安全漏洞
Flight is a PHP microframework by Mike Cao's personal developer. A security vulnerability exists in versions prior to Flight v1.2, which stems from eager loading of the request body in the constructor of the Request class, which could lead to a denial-of-service attack...