Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/03/11 7:5 p.m.4 views

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

6.9CVSS5.8AI score0.00414EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/11 7:5 p.m.27 views

CVE-2026-31894 WeGIA affected by arbitrary file read via symlink in backup restore

WeGIA is a web manager for charitable institutions. In 3.6.5, The patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and filegetcontents to read SQL files from the extracted contents. Neither the extraction nor the file reading...

6.9CVSS0.00414EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.4 views

SUSE CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.3CVSS9.3AI score0.01599EPSS
Exploits1References8
OSV
OSV
added 2020/02/27 9:15 p.m.2 views

DEBIAN-CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.3CVSS7.1AI score0.01599EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2020/02/17 12:0 a.m.13 views

PT-2020-5321 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP versions 7.2.x through 7.2.27 PHP versions 7.3.x through 7.3.14 PHP versions 7.4.x through 7.4.2 Description: The issue is related to the incorrect preservation of permissions when creating PHAR archives using the...

10CVSS6.6AI score0.99998EPSS
Exploits287References487
CNVD
CNVD
added 2018/05/02 12:0 a.m.3 views

PHP ext/phar/phar_object.c file suffers from a reflected cross-site scripting vulnerability

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

6.1CVSS6.8AI score0.79949EPSS
Exploits0References1
Rows per page
Query Builder