52 matches found
CVE-2026-37552
CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...
CVE-2026-37552
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...
CVE-2026-42471
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...
EUVD-2026-26676
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...
CVE-2026-42474
CVE-2026-42474 describes an SQL injection in MixPHP Framework 2.x up to 2.2.17, caused by crafting the data array passed to BuildHelper.php::data function. Affected component is MixPHP Framework (2.x) and the vulnerability arises from the BuildHelper.php data function, as cited across NVD, CVE li...
CVE-2026-42472
The CVE-2026-42472 entry describes an unsafe deserialization vulnerability in MixPHP Framework 2.x up to 2.2.17, caused by session and cache handlers calling unserialize() on data sourced from Redis in the RedisHandler object. This is reported across multiple feeds (NVD, CVE listing, vuln enrichm...
CVE-2026-42472
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...
CVE-2026-42473
The CVE-2026-42473 issue affects MixPHP Framework 2.x up to 2.2.17. The vulnerability arises from unsafe deserialization in the FileHandler’s session and cache handling, where data from the filesystem is passed to PHP’s unserialize(), enabling high-impact data integrity/confidentiality/availabili...
CVE-2026-42471
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...
CVE-2026-42473
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from the filesystem in the FileHandler object...
EUVD-2026-26673
Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize on data from Redis in the RedisHandler object...