710 matches found
WordPress Plugin Estatik Mortgage Calculator Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress plugin Gutentor cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Gutentor...
WordPress plugin Hash Elements cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Hash...
Drupal Security Vulnerability
Drupal is an open source content management system developed in the PHP language by the Drupal community. A security vulnerability exists in Drupal Block permissions versions 1.0.0 through 1.2.0, which stems from the inclusion of an authorization error vulnerability...
Number Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
Number Withdrawn
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. This CVE number has...
PbootCMS Code Injection Vulnerability (CNVD-2025-0171060)
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed using the PHP language. A code injection vulnerability exists in PbootCMS version 3.2.3 and earlier; the vulnerability stems from the apps/home/controller/IndexController.php page t...
CLSA-2024-1734535703 php: Fix of CVE-2023-3823
CVE-2023-3823: Fix external entity loading in XML without enabling by sanitizing libxml2 globals before parsing...
Craft CMS Code Injection Vulnerability
Craft CMS is a user-friendly, web-based content management system for creating and managing website content. Craft CMS has a security vulnerability because register_argc_argv is enabled in the PHP configuration, which can be exploited by an attacker to execute arbitrary code and take control of...
CLSA-2024-1734039943 php: Fix of CVE-2024-11234
CVE-2024-11234: fix stream HTTP fulluri CRLF injection...
php: Filter bypass in filter_var (FILTER_VALIDATE_URL)
A flaw was found in PHP. An early return in the filter_var (FILTER_VALIDATE_URL) function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...
php: XML loading external entity without being enabled
A flaw was found in PHP due to inadequate validation of user-supplied XML input. By leveraging specially crafted XML code, a remote attacker could obtain sensitive information by viewing the contents of arbitrary files on the system or initiating requests to external systems. This issue may allow...
php: host/secure cookie bypass due to partial CVE-2022-31629 fix
An improper input validation vulnerability was found in PHP. Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser...
php: cgi.force_redirect configuration is bypassable due to the environment variable collision
A flaw was found in PHP. The configuration directive cgi.force_redirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...
php: Erroneous parsing of multipart form data
A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...
php: cgi.force_redirect configuration is bypassable due to the environment variable collision
A flaw was found in PHP. The configuration directive cgi.force_redirect prevents anyone from calling PHP directly with a URL such as http://host.example/cgi-bin/php/secretdir/script.php. However, in certain uncommon configurations, an attacker may be able to bypass this restriction and access...
The vulnerability of the static enum_func_status php_mysqlnd_rset_field_read() function in the PHP programming language allows a hacker to gain unauthorized access to protected information.
The vulnerability of the static enum_func_status php_mysqlnd_rset_field_read() function in the PHP programming language is related to insufficient protection of private data due to the operation being performed outside the buffer in memory. Exploiting this vulnerability could allow an attacker, operating...
WordPress plugin Pricing table addon for elementor security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
AZL-53447 CVE-2024-11236 affecting package php for versions less than 8.3.14-1
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to the ldap_escape function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write...
CLSA-2024-1729626489 php: Fix of CVE-2024-8927
CVE-2024-8927: Fix bypass of cgi.force_redirect configuration...