6 matches found
CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parseurl function, aka VBV-17037...
SUSE-SU-2021:0125-1 Security update for php72
This update for php72 fixes the following issue: - CVE-2020-7071: Fixed an insufficient filter in parseurl that accepted URLs with invalid userinfo bsc1180706...
CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
CVE-2016-10397
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:[email protected]/ and evil.example.com:[email protected]/ inputs to the parseurl...
CVE-2017-7569
In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parseurl function, aka VBV-17037...
CVE-2017-7569
CVE-2017-7569 affects vBulletin prior to 5.3.0. An SSRF bypass allows remote attackers to bypass the CVE-2016-6483 patch by abusing PHP parse_url behavior, enabling SSRF conditions. The vulnerability context is that the patch for CVE-2016-6483 did not fully mitigate SSRF opportunities, and exploi...