Nette Framework - Remote Code Execution

Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. id: CVE-2020-15227 info: name: Nette Framework - Remote Code Execution author:...

PT-2026-38271

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The make:controller CLI command allows arbitrary directory creation outside the project root. This occurs because the command calls mkdir..., recursive: true on a path constructed from a user-supplie...

EUVD-2024-3464

Malicious code in bioql PyPI...

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

GHSA-F626-677R-J5VQ Withdrawn Advisory: Nette Database SQL injection

Withdrawn Advisory This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...

Withdrawn Advisory: Nette Database SQL injection

Withdrawn Advisory This advisory has been withdrawn as it was reported in error. This link is maintained to preserve external references. Original Description Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where...

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

PT-2024-36561 · Nette · Nette Database

Name of the Vulnerable Software and Affected Versions: Nette Database versions 3.2.4 and earlier Description: The issue allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. This occurs when there's an untrusted filter sent straight ...

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

Nette Database 安全漏洞

Nette Database is a Nette open source database layer with a familiar PDO-like API but more powerful features. A security vulnerability exists in Nette Database 3.2.4 and earlier versions, which stems from the presence of a SQL injection vulnerability that allows an attacker to manipulate the...

CVE-2024-55586

CVE-2024-55586 (Nette Database) : Affected software is Nette Database up to version 3.2.4. The vulnerability is a SQL injection vulnerability where an untrusted filter is passed directly to the where method, enabling manipulation of query logic. The vendor states this is intended behavior. Public...

CVE-2024-55586

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior...

nette-schuhe.de Improper Access Control vulnerability OBB-3776919

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Ubuntu: Security Advisory (USN-5983-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5983-1 php-nette vulnerability

Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code...

USN-5983-1: Nette vulnerability

Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issue to execute arbitrary code...

Ubuntu 16.04 ESM / 18.04 LTS : Nette vulnerability (USN-5983-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5983-1 advisory. Cyku Hong discovered that Nette was not properly handling and validating data used for code generation. A remote attacker could possibly use this issu...

Latte Cross-Site Scripting Vulnerability

Latte is a template engine for Nette Foundation's Php. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...

Latte 跨站脚本漏洞

Latte is a template engine for Nette Foundation's Php. Latte in version 2.8.0 contains a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to execute JavaScript code on the client...