[SECURITY] [DLA 4068-1] php-nesbot-carbon security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk February 25, 2025 https://wiki.debian.org/LTS -...

DLA-4068-1 php-nesbot-carbon - security update

Bulletin has no description...

Debian dla-4068 : php-nesbot-carbon - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4068 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4068-1 [email protected] https://www.debian.org/lts/security/...

Debian: Security Advisory (DLA-4068-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Arbitrary File Inclusion (AFI)

nesbot/carbon is vulnerable to Arbitrary File Inclusion AFI. The vulnerability is due to unsanitized user input passed to Carbon::setLocale, which allows attackers to upload files with a .php extension in a folder that can be included or required by the application, potentially executing arbitrar...

PHP Remote File Inclusion

Overview Affected versions of this package are vulnerable to PHP Remote File Inclusion via the setLocale method. An attacker can include arbitrary files and execute code by passing unvalidated input that leads to file inclusion. Note: This is only exploitable if the application allows file upload...