Lucene search

70 matches found

Nuclei | added yesterday | 18 views

elFinder < 2.1.58 - Remote Code Execution

studio-42/elfinder before 2.1.58 contains a remote code execution vulnerability caused by execution of PHP code in a .phar file, letting attackers execute arbitrary PHP code if the server parses .phar files as PHP; the exploit requires the server to parse .phar files as PHP. id: CVE-2021-23394 info: name: elFinder...

CVSS 9.8 | AI score 8.7 | EPSS 0.76848
Exploits 1 | References 4
OSV | added 2026/05/05 1:57 a.m. | 11 views

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exif_thumbnail_extract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exif_process_SOFn - CVE-2019-11042:...

CVSS 8.8 | AI score 7 | EPSS 0.93869
Exploits 21 | References 1
Vulnrichment | added 2025/12/19 9:05 p.m. | 2 views

CVE-2023-53952 Dotclear 2.25.3 Authenticated Remote Code Execution via File Upload

Dotclear 2.25.3 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension through the blog post creation interface. Attackers can upload files containing PHP system commands that execute when the uploaded file is accessed...

CVSS 8.8 | AI score 8.3 | EPSS 0.00746
Exploits 1 | References 3
RedhatCVE | added 2025/12/17 2:00 p.m. | 3 views

CVE-2023-53889

Perch CMS 3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload arbitrary PHP files through the assets management interface. Attackers can upload a malicious .phar file with embedded system command execution capabilities to execute arbitrary command...

CVSS 8.6 | AI score 8.8 | EPSS 0.00483
Exploits 1 | References 1
Vulnrichment | added 2025/12/15 8:28 p.m. | 3 views

CVE-2023-53885 Webutler v3.2 Remote Code Execution via Arbitrary File Upload

Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administrators to upload PHP files with system command execution. Attackers can upload a PHAR file with embedded system commands to the media browser and execute arbitrary commands by accessing the uploaded fil...

CVSS 8.6 | AI score 8.4 | EPSS 0.00445
Exploits 1 | References 3
Positive Technologies | added 2025/12/15 12:00 a.m. | 3 views

PT-2025-51307

Name of the Vulnerable Software and Affected Versions: Perch CMS version 3.2. Description: Perch CMS version 3.2 has a remote code execution issue. Authenticated administrators can upload arbitrary PHP files through the assets management interface. An attacker can upload a malicious .phar file...

CVSS 8.6 | AI score 8.6 | EPSS 0.00483
Exploits 1 | References 6
Positive Technologies | added 2025/12/15 12:00 a.m. | 3 views

PT-2025-51303

Name of the Vulnerable Software and Affected Versions: Webutler version 3.2. Description: Webutler version 3.2 has a flaw that permits authenticated administrators to upload PHP files capable of executing system commands. An attacker can upload a PHAR file containing embedded system commands through...

CVSS 8.6 | AI score 7 | EPSS 0.00445
Exploits 1 | References 6
CNNVD | added 2025/08/03 12:00 a.m. | 0 views

Code-Projects Online Medicine Guide Injection Vulnerability

Code-Projects Online Medicine Guide is an online medicine guide from Code-Projects open source. An injection vulnerability exists in Code-Projects Online Medicine Guide version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter Search in the file /cusfindphar2.php...

CVSS 9.8 | AI score 7.8 | EPSS 0.00277
Exploits 1 | References 6
NVD | added 2025/04/26 6:15 a.m. | 13 views

CVE-2025-2105

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PH...

CVSS 8.1 | EPSS 0.00921
Exploits 0 | References 3
Cvelist | added 2025/04/26 5:34 a.m. | 16 views

CVE-2025-2105 Jupiter X Core <= 4.8.11 - Unauthenticated PHP Object Injection via PHAR

The Jupiter X Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.8.11 via deserialization of untrusted input from the 'file' parameter of the 'raven_download_file' function. This makes it possible for attackers to inject a PHP Object through a PH...

CVSS 8.1 | EPSS 0.00921
Exploits 0 | References 3
OSV | added 2025/01/14 7:20 p.m. | 14 views

BIT-PHP-MIN-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE...

CVSS 9.8 | AI score 8.8 | EPSS 0.31766
Exploits 3 | References 5
CVE | added 2024/04/29 12:00 a.m. | 51 views

CVE-2024-33438

Summary of CVE-2024-33438 : CubeCart versions prior to 6.5.5 are vulnerable to an authenticated file upload flaw that allows arbitrary code execution via a crafted .phar file. The underlying issue is a file upload vulnerability in the application’s handling of uploaded files, enabling an attacker...

CVSS 8 | AI score 7.4 | EPSS 0.00261
Exploits 2 | References 4 | Affected Software 1
Positive Technologies | added 2024/04/29 12:00 a.m. | 4 views

PT-2024-25259 · Cubecart · Cubecart

Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.5.5 Description: The issue allows an authenticated user to execute arbitrary code via a crafted .phar file. This is a result of a File Upload vulnerability. Recommendations: For versions prior to 6.5.5, update to...

CVSS 8 | AI score 7.9 | EPSS 0.00261
Exploits 2 | References 10
GithubExploit | added 2024/03/18 10:45 a.m. | 52 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

PHP Malicious Phar File PoC CVE-2023-3824 Description T...

CVSS 9.8 | AI score 7.8 | EPSS 0.31766
Exploits 3
OSV | added 2024/03/06 11:01 a.m. | 53 views

BIT-PHP-2023-3824 Buffer overflow and overread in phar_dir_read()

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, potentially leading to memory corruption or RCE...

CVSS 9.8 | AI score 8.8 | EPSS 0.31766
Exploits 3 | References 5
Veracode | added 2024/02/23 7:23 a.m. | 11 views

External Control Of Filename

phenx/php-svg-lib is vulnerable to External Control of Filename. The vulnerability is due to insecure handling of inline CSS font definitions, allowing an attacker to deserialize a PHAR file through the phar:// URL handler. Note that remote code execution is only possible on PHP versions less the...

AI score 8
Exploits 0
Tenable Nessus | added 2023/09/13 12:00 a.m. | 83 views

Amazon Linux 2 : php (ALASPHP8.1-2023-004)

The version of php installed on the remote host is prior to 8.1.22-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.1-2023-004 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

CVSS 9.8 | AI score 7.8 | EPSS 0.31766
Exploits 4 | References 8
Tenable Nessus | added 2023/09/13 12:00 a.m. | 33 views

Amazon Linux 2 : php (ALASPHP8.0-2023-009)

The version of php installed on the remote host is prior to 8.0.30-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-009 advisory. GHSA-76gg-c692-v2mw: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP NOTE: Fixe...

CVSS 9.8 | AI score 7.8 | EPSS 0.31766
Exploits 4 | References 8
Tenable Nessus | added 2023/09/08 12:00 a.m. | 54 views

Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2023-324)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-324 advisory. In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities...

CVSS 9.8 | AI score 7.9 | EPSS 0.31766
Exploits 4 | References 6
Tenable Nessus | added 2023/08/16 12:00 a.m. | 319 views

PHP 8.2.x < 8.2.9 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.9 advisory. - In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state ...

CVSS 9.8 | AI score 7.9 | EPSS 0.31766
Exploits 4 | References 3