Lucene search
+L

9 matches found

redhatcve
redhatcve
added 2026/06/05 7:30 p.m.12 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS5.5AI score0.00154EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 8:16 p.m.35 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS0.00154EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 7:22 p.m.13 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/13 7:22 p.m.59 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS0.00154EPSS
Exploits0References1
cve
cve
added 2026/05/13 7:22 p.m.25 views

CVE-2026-42549

CVE-2026-42549 affects Flight PHP core prior to 3.18.1. The make:controller CLI calls mkdir(..., recursive: true) on a user-supplied controller path before Nette class-name validation, allowing creation of directories outside the project root via ../ traversal. The directory creation side effect ...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 7:22 p.m.7 views

CVE-2026-42549

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/13 7:22 p.m.3 views

CVE-2026-42549 Flight: Path traversal in `make:controller` CLI creates arbitrary directories outside project root

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name...

4.4CVSS6AI score0.00154EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/05/13 12:0 a.m.11 views

Flight 路径遍历漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained a path traversal vulnerability. This vulnerability stemmed from the make:controller CLI command, which created directories based on the controller names provided by users before class name validatio...

4.4CVSS5.8AI score0.00154EPSS
Exploits0References1
snyk
snyk
added 2026/05/06 9:34 p.m.13 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the make:controller process. An attacker can create arbitrary directories outside the intended project root by supplying crafted input containing directory traversal sequences. Details A Directory Traversal attac...

4.8CVSS6.3AI score0.00154EPSS
Exploits0References2
Rows per page
Query Builder