Lucene search
K

7 matches found

OSV
OSV
added 2025/08/11 1:53 p.m.6 views

BIT-LIBPHP-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

5.5CVSS7.2AI score0.01599EPSS
Exploits1References9
OSV
OSV
added 2025/08/11 1:52 p.m.3 views

BIT-LIBPHP-2020-7061 heap-buffer-overflow in phar_extract_file

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash...

9.1CVSS6.8AI score0.03976EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/09/13 12:0 a.m.6 views

WordPress plugin WP Editor 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

7.2CVSS6.8AI score0.00578EPSS
Exploits0References3
OSV
OSV
added 2023/03/17 10:15 p.m.1 views

DEBIAN-CVE-2023-28115

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any...

9.8CVSS9.5AI score0.0276EPSS
Exploits1References1
OSV
OSV
added 2023/01/02 10:15 p.m.4 views

CVE-2022-4237

The Welcart e-Commerce WordPress plugin before 2.8.6 does not validate user input before using it in fileexist functions via various AJAX actions available to any authenticated users, which could allow users with a role as low as subscriber to perform PHAR deserialisation when they can upload a...

8.8CVSS5.8AI score0.01073EPSS
Exploits2References1
Veracode
Veracode
added 2019/05/02 5:39 a.m.50 views

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to...

7.5CVSS9.2AI score0.53166EPSS
Exploits32References52Affected Software6
Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.73 views

Amazon Linux AMI : php54 (ALAS-2015-509)

A buffer overflow vulnerability was found in PHP's phar PHP Archive implementation. See https://bugs.php.net/bug.php?id=69324 for more details. CVE-2015-2783 A use-after-free flaw was found in PHP's phar PHP Archive paths implementation. A malicious script author could possibly use this flaw to...

7.5CVSS7.6AI score0.38434EPSS
Exploits5References7
Rows per page
Query Builder