1676 matches found
CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
CVE-2026-25923
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
PT-2026-7178
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
my little forum 代码问题漏洞
My Little Forum is an open-source online forum system based on PHP and MySQL. Versions prior to 20260208.1 had code vulnerabilities; these vulnerabilities stemmed from URL validation not filtering the phar protocol, which could lead to arbitrary file deletion...
MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...
MiracleLinux 9 : php-8.0.30-1.el9 (AXSA:2023-6528:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6528:03 advisory. php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in commo...
MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...
MiracleLinux 8 : php:7.4 (AXSA:2023-5958:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5958:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...
MiracleLinux 7 : rh-php73-php-7.3.20-1.el7 (AXSA:2020-958:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-958:01 advisory. php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte CVE-2019-11045 php: Information...
MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer over-read in exifreaddata CVE-2019-11040 php:...
MiracleLinux 7 : rh-php56-php-5.6.5-7.el7 (AXSA:2016-130:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-130:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...
CVE-2021-27817
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...
CVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...
CVE-2021-28976
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess...
CVE-2021-28998
File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...
CVE-2024-34515
image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to fileexists...
CVE-2025-14842
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated...
CVE-2023-50252
php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...