Lucene search
K

1676 matches found

Cvelist
Cvelist
added 2026/02/09 9:56 p.m.33 views

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

8.7CVSS0.00435EPSS
Exploits1References2
OSV
OSV
added 2026/02/09 9:56 p.m.7 views

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

8.7CVSS5.9AI score0.00435EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/02/09 9:56 p.m.6 views

CVE-2026-25923

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/09 9:56 p.m.3 views

CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.9 views

PT-2026-7178

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...

8.7CVSS5.8AI score0.00435EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.11 views

my little forum 代码问题漏洞

My Little Forum is an open-source online forum system based on PHP and MySQL. Versions prior to 20260208.1 had code vulnerabilities; these vulnerabilities stemmed from URL validation not filtering the phar protocol, which could lead to arbitrary file deletion...

9.1CVSS6AI score0.00435EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.8 views

MiracleLinux 9 : php:8.1 (AXSA:2023-5806:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5806:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...

9.8CVSS7.9AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 9 : php-8.0.30-1.el9 (AXSA:2023-6528:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6528:03 advisory. php: XML loading external entity without being enabled CVE-2023-3823 php: phar Buffer mismanagement CVE-2023-3824 php: 1-byte array overrun in commo...

9.8CVSS7.9AI score0.08003EPSS
Exploits6References7
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : php-8.0.27-1.el9 (AXSA:2023-5186:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5186:02 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a Host- or Secure- cook...

9.8CVSS7.8AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 8 : php:7.4 (AXSA:2023-5958:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5958:01 advisory. XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie could be treated as a 'Host-' or 'Secure-'...

9.8CVSS8.5AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : rh-php73-php-7.3.20-1.el7 (AXSA:2020-958:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-958:01 advisory. php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte CVE-2019-11045 php: Information...

9.1CVSS7.6AI score0.08888EPSS
Exploits13References15
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.9 views

MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer over-read in exifreaddata CVE-2019-11040 php:...

9.8CVSS7.9AI score0.08888EPSS
Exploits19References23
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 7 : rh-php56-php-5.6.5-7.el7 (AXSA:2016-130:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-130:01 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers...

10CVSS8.2AI score0.50129EPSS
Exploits19References19
RedhatCVE
RedhatCVE
added 2026/01/09 11:30 a.m.28 views

CVE-2021-27817

A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix...

9.8CVSS7.3AI score0.03227EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.10 views

CVE-2021-33352

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field...

9.8CVSS7.8AI score0.01361EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.7 views

CVE-2021-28976

Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess...

7.2CVSS7.5AI score0.07548EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:25 a.m.4 views

CVE-2021-28998

File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file...

7.2CVSS7.1AI score0.01294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:36 a.m.7 views

CVE-2024-34515

image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to fileexists...

8.8CVSS6.8AI score0.0188EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.6 views

CVE-2025-14842

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited upload of files with a dangerous type in all versions up to, and including, 1.3.9.2. This is due to the plugin not blocking .phar and .svg files. This makes it possible for unauthenticated...

6.1CVSS6.9AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:0 a.m.11 views

CVE-2023-50252

php-svg-lib is an SVG file parsing / rendering library. Prior to version 0.5.1, when handling tag that references an tag, it merges the attributes from the tag to the tag. The problem pops up especially when the href attribute from the tag has not been sanitized. This can lead to an unsafe file...

9.8CVSS6.6AI score0.23903EPSS
Exploits1References1
Rows per page
Query Builder