335 matches found
Design/Logic Flaw
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...
CVE-2021-29487 Authentication bypass in Octobercms
octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over any user account on an October CMS server. The vulnerability is exploitable by unauthenticated...
CVE-2021-29487
CVE-2021-29487 affects the October CMS platform (october/system) and enables an unauthenticated attacker to bypass authentication and take over a frontend user account. The exploit relies on obtaining Laravel’s secret key for cookie encryption/signing. The vulnerability has been patched in Build ...
TastyIgniter Cross-Site Scripting Vulnerability
TastyIgniter is a free open source restaurant online ordering system based on Laravel PHP Framework. A cross-site scripting vulnerability exists in TastyIgniter 3.0.7, which originates from the lack of validation of user-submitted data in the /account, /reservation, /admin/dashboard, and...
yii2 Security Feature Issue Vulnerability
yii2 is a fast, secure and professional PHP framework. A security vulnerability exists in yii2 that stems from yii2's susceptibility to predictable algorithms in random number generators...
Twothink Security Vulnerability
Twothink is a software application. Twothink is an open source content management framework developed using the latest ThinkPHP version 5.0.2 to provide a more convenient and secure web application development experience, using a new architectural design and namespace mechanism, a blend of...
File Upload Vulnerability in Worms CMS Enterprise Content Management System
Worms CMS is an enterprise content management system built on an independently developed, object-oriented PHP framework. The product is based on a PHP + MySQL architecture and can run on Linux, Windows, MacOSX, Solaris and other...
Shanghai Topmind Information Technology Co., Ltd. ThinkPHP suffers from a deserialization vulnerability
ThinkPHP is an open-source PHP framework with an MVC structure, developed and maintained by the Shanghai Top Thinking company. ThinkPHP has a deserialization vulnerability that can be exploited by attackers to gain server control privileges...
Symfony Elevation of Privilege Vulnerability
Symfony is a PHP framework based on the MVC architecture and is free software, distributed under the MIT License. Symfony suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain access to all firewalls by sending a specially crafted request...
CVE-2021-32693
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the...
CVE-2021-32693
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the...
CVE-2021-32693 Authentication granted with multiple firewalls
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. A vulnerability related to firewall authentication is in Symfony starting with version 5.3.0 and prior to 5.3.2. When an application defines multiple firewalls, the token authenticated by one of the...
CVE-2021-32693
Symfony framework vulnerability CVE-2021-32693: When an application defines multiple firewalls, the authentication token from one firewall could be usable across other firewalls in versions 5.3.0–5.3.1. This could allow a user authenticated on one part of the app to be treated as authenticated on...
Fedora: Security Advisory for php-symfony4 (FEDORA-2021-121edb82dd)
The remote host is missing an update for the... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
Fedora: Security Advisory for php-symfony4 (FEDORA-2021-2d145b95f6)
The remote host is missing an update for the...
Fedora: Security Advisory for php-symfony3 (FEDORA-2021-c57937ab9f)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: php-symfony4-4.4.24-1.fc34
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
[SECURITY] Fedora 33 Update: php-symfony3-3.4.49-1.fc33
Symfony PHP framework version 3. NOTE: Does not require PHPUnit bridge...
CVE-2021-21424
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. ...
Sensio Labs Symfony Information Disclosure Vulnerability
Sensio Labs Symfony is a free PHP development framework based on the MVC architecture, from the French company Sensio Labs. The framework provides commonly used functional components and tools that can be used to quickly create complex web programs. A security vulnerability exists in Symfony. The...