Caddy: Unsafe Unicode Handling in FastCGI splitPos Allows Execution of Non-PHP Files

Summary The FastCGI transport's splitPos in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/text/search with search.IgnoreCase when the request path contains a non-ASCII byte. Two distinct flaws in that fallback let an attacker mislead Caddy's FastCGI splitting into treatin...

Dolibarr 安全漏洞

Dolibarr is an open-source application developed by Dolibarr developers. It helps manage activities within user organizations. Dolibarr versions 22.0.4 and earlier contained security vulnerabilities. These vulnerabilities stemmed from a local file inclusion vulnerability in the core AJAX...