Astra Linux - уязвимость в php7.3

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21, and 7.4.x below 7.4.9, when processing PHAR files using the phar extension, pharparsezipfile might be tricked into accessing freed memory, which could lead to a crash or information disclosure...

UBUNTU-CVE-2023-53952

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVE-2023-53952

CVE-2023-53952 affects Dotclear 2.25.3, which contains a remote code execution vulnerability exploitable by authenticated attackers through the blog post creation interface. The issue arises from allowing uploads of PHP files with a .phar extension; such uploaded files can execute PHP system comm...

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

CVE-2023-53933

Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server...

CVE-2023-53924

UliCMS 2023.1-sniffing-vicuna contains a remote code execution vulnerability that allows authenticated attackers to upload PHP files with .phar extension during profile avatar upload. Attackers can trigger code execution by visiting the uploaded file's location, enabling system command execution...

CVE-2023-53933

CVE-2023-53933 affects Serendipity 2.4.0. An authenticated attacker can upload PHP files with a .phar extension via the media upload endpoint, enabling remote code execution on the server. The vulnerability arises from accepting or processing uploaded files in a way that allows execution of syste...

PT-2025-51971

Name of the Vulnerable Software and Affected Versions Serendipity version 2.4.0 Description An authenticated attacker can upload malicious PHP files with a .phar extension, leading to remote code execution. Attackers can upload files containing system command payloads to the media upload endpoint...

PT-2025-51962

Name of the Vulnerable Software and Affected Versions UliCMS version 2023.1-sniffing-vicuna Description The software contains a remote code execution issue that allows authenticated attackers to upload PHP files with a .phar extension during profile avatar uploads. Attackers can execute code by...

UliCMS 代码问题漏洞

UliCMS is a content management system CMS open source by UliCMS. The system supports features such as access control and WYSIWYG editing. A code issue vulnerability exists in UliCMS version 2023.1-sniffing-vicuna, which originates from an authenticated attacker who can upload a PHP file with a...

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

EUVD-2010-2954

Malware in sbrugna...

EUVD-2010-2111

Malware in sbrugna...

EUVD-2016-4194

Malware in sbrugna...

EUVD-2022-0870

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2016-4072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as...

Linux Distros Unpatched Vulnerability : CVE-2016-3142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive informatio...

SUSE CVE-2016-3142

The pharparsezipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service out-of-bounds read and application crash by placing a PK\x05\x06 signature at an inval...

BIT-PHP-2020-7068 Use of freed hash key in the phar_parse_zipfile function

In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, pharparsezipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure...

Filr – Secure document library < 1.2.3.6 - Author+ RCE via file upload with phar ext

Description The plugin is vulnerable from an RCE Remote Code Execution vulnerability, which allows the operating system to execute commands and fully compromise the server on behalf of a user with Author-level privileges. PoC 1 Go to main dashboard of plugin...