Lucene search
K

111 matches found

OSV
OSV
added 2020/06/10 8:15 p.m.15 views

CVE-2020-4043

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

9.8CVSS9.8AI score
Exploits0References5
Prion
Prion
added 2020/06/10 8:15 p.m.14 views

Code injection

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

7.5CVSS9.6AI score0.02597EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2020/06/10 7:40 p.m.62 views

CVE-2020-4043

CVE-2020-4043 affects phpMussel versions 1.0.0 to

9.8CVSS8.9AI score0.02597EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2020/06/10 7:40 p.m.37 views

CVE-2020-4043 Phar unserialization vulnerability in phpMussel

phpMussel from versions 1.0.0 and less than 1.6.0 has an unserialization vulnerability in PHP's phar wrapper. Uploading a specially crafted file to an affected version allows arbitrary code execution discovered, tested, and confirmed by myself, so the risk factor should be regarded as very high...

7.7CVSS9.7AI score0.02597EPSS
Exploits0References5
Exploit DB
Exploit DB
added 2019/04/02 12:0 a.m.128 views

LimeSurvey < 3.16 - Remote Code Execution

!/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...

9.8CVSS9.3AI score0.26172EPSS
Exploits7
Snyk
Snyk
added 2019/03/19 2:52 p.m.1 views

Deserialization of Untrusted Data

Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to Deserialization of Untrusted Data. It is possible insert the php wrapper “phar” with an arbitrary path in filename parameter that allows arbitrary code...

8.8CVSS8.3AI score0.01698EPSS
Exploits0References2
Veracode
Veracode
added 2019/02/07 2:13 a.m.20 views

Arbitrary Code Execution

mpdf/mpdf is vulnerable to arbitrary code execution. The vulnerability exists through a phar:// wrapper that leads to an insecure PHP deserialization flaw, allowing an attacker to execute arbitrary code...

8.8CVSS9.2AI score0.02101EPSS
Exploits1References3Affected Software1
Mageia
Mageia
added 2019/01/30 7:39 p.m.13 views

Updated php-tcpdf packages fix security vulnerabilities

- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. - Merge various fixes for PHP 7.3 compatibility and security...

2.6AI score
Exploits0References2
OSV
OSV
added 2019/01/30 7:39 p.m.4 views

MGASA-2019-0053 Updated php-tcpdf packages fix security vulnerabilities

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data. - Merge various fixes for PHP 7.3 compatibility and security...

7.3AI score
Exploits0References3
CNVD
CNVD
added 2019/01/23 12:0 a.m.2 views

Drupal Core Remote Code Execution Vulnerability (CNVD-2019-04909)

Drupal core is a free, open source content management system developed in PHP and maintained by the Drupal community. A remote code execution vulnerability exists in the built-in phar stream wrapper PHP in Drupal core versions 7.x prior to 7.62, 8.6.x prior to 8.6.6 and 8.5.x prior to 8.5.9. A...

9.8CVSS8.5AI score0.33228EPSS
Exploits0References1
Friends Of PHP
Friends Of PHP
added 2018/09/20 5:24 a.m.24 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/09/20 5:24 a.m.18 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Veracode
Veracode
added 2018/09/17 7:47 a.m.20 views

Arbitrary Data Deserialization

tecnickcom/tcpdf is vulnerable to arbitrary data deserialization attack. The attack is possible because it allows the user to input arbitrary data to deserialize using via the phar:// wrapper...

9.8CVSS9.3AI score0.26172EPSS
Exploits7References7Affected Software1
UbuntuCve
UbuntuCve
added 2018/09/14 8:29 p.m.27 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS7.3AI score0.26172EPSS
Exploits7References3
OSV
OSV
added 2018/09/14 8:29 p.m.5 views

UBUNTU-CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS7.4AI score0.26172EPSS
Exploits7References4
OSV
OSV
added 2018/09/14 8:29 p.m.18 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS6.8AI score0.26172EPSS
Exploits7References7
NVD
NVD
added 2018/09/14 8:29 p.m.8 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS9.6AI score0.26172EPSS
Exploits7References7
OSV
OSV
added 2018/09/14 8:29 p.m.0 views

DEBIAN-CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.8CVSS7.2AI score0.26172EPSS
Exploits7References1
CVE
CVE
added 2018/09/14 8:0 p.m.155 views

CVE-2018-17057

The CVE-2018-17057 issue affects TCPDF prior to 6.2.22, allowing attackers to trigger deserialization of arbitrary data through the phar:// wrapper. Documented impact includes remote code execution risk when processing manipulated inputs, with notable exposure via LimeSurvey relying on the TCPDF ...

9.8CVSS9AI score0.26172EPSS
Exploits7References7Affected Software1
Cvelist
Cvelist
added 2018/09/14 8:0 p.m.36 views

CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

9.2AI score0.26172EPSS
Exploits7References7
Rows per page
Query Builder