52 matches found
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
EUVD-2026-26675
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
PT-2026-36487
Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists in the sync-invoke TCP server. The server receives data from a TCP socket and passes it directly to the unserialize function within the OpisClosure...
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
EUVD-2026-26672
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...
PT-2026-36491
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
CVE-2026-42471
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
PT-2026-36488
Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists in the sync-invoke client within the Connection.php file at line 76. The client uses the unserialize function on data received from server response...
CVE-2026-42474
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...
EUVD-2026-26674
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
CVE-2026-37552
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...
PT-2026-36489
Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists where the session and cache handlers utilize the unserialize function on data retrieved from Redis within the RedisHandler object. Recommendations ...
CVE-2026-42475
MixPHP Framework 2.x (up to 2.2.17) is affected by an SQL injection vulnerability in BuildHelper.php (joinOn) triggered by a crafted on array in BuildHelper.php. Root cause is unsafe handling of input in the join condition, enabling an attacker to affect the database query, with the reported CVSS...
CVE-2026-42471
Summary: CVE-2026-42471 is an unsafe deserialization vulnerability in MixPHP Framework 2.x up to 2.2.17. The MixPHP sync-invoke client (Connection.php:76) calls unserialize() on data from the server response, which can enable client-side RCE if a malicious server is involved. Affected software/co...
EUVD-2026-26670
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...
CVE-2026-42474
CVE-2026-42474 describes an SQL injection in MixPHP Framework 2.x up to 2.2.17, caused by crafting the data array passed to BuildHelper.php::data function. Affected component is MixPHP Framework (2.x) and the vulnerability arises from the BuildHelper.php data function, as cited across NVD, CVE li...
EUVD-2026-26676
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...