CVE-2026-4587

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

EUVD-2026-14425

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

HybridAuth Has Improper SSL Certificate Validation in Curl HTTP Client

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

GHSA-R3HF-Q3MF-7H6W HybridAuth Has Improper SSL Certificate Validation in Curl HTTP Client

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

Improper Certificate Validation

Overview hybridauth/hybridauth is a PHP Social Authentication Library Affected versions of this package are vulnerable to Improper Certificate Validation through the setCurlOptions processing in src/HttpClient/Curl.php. An attacker can intercept or tamper with HTTPS traffic by supplying malicious...

CVE-2026-4587

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

CVE-2026-4587

CVE-2026-4587 affects HybridAuth up to 3.12.2. The issue involves improper certificate validation caused by manipulation of curlOptions in src/HttpClient/Curl.php of the SSL Handler. Exploitation can be remote and the attack has high complexity; no public exploit details or impact beyond the desc...

CVE-2026-4587 HybridAuth SSL Curl.php certificate validation

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

CVE-2026-4587

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

CVE-2026-4587 HybridAuth SSL Curl.php certificate validation

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

Hybridauth 信任管理问题漏洞

Hybridauth is an open-source web-based authentication and authorization software developed by Hybridauth. Versions of Hybridauth 3.12.2 and earlier contained a vulnerability related to trust management. This vulnerability stemmed from incorrect handling of parameters in the curlOptions file withi...

PT-2026-27123

A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curlOptions results in improper certificate validation. The attack can be launched remotely. This...

EUVD-2015-5466

Malware in sbrugna...

EUVD-2014-9808

Malware in sbrugna...

CVE-2014-125116

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVE-2014-125116

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVE-2014-125116 HybridAuth 2.0.9 - 2.2.2 Unauthenticated RCE via install.php Configuration Injection

A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated...

CVE-2014-125116

HybridAuth

Hybridauth 安全漏洞

Hybridauth is a web-based authentication and authorization software from Hybridauth open source. A security vulnerability exists in Hybridauth versions 2.0.9 through 2.2.2, which stems from an install.php script that does not properly clean up its inputs, which could lead to remote code execution...