710 matches found
AZL-50172 CVE-2024-9026 affecting package php for versions less than 8.3.12-1
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...
AZL-50132 CVE-2024-8927 affecting package php for versions less than 8.1.30-1
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP...
AZL-50153 CVE-2024-8925 affecting package php for versions less than 8.1.30-1
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...
AZL-50166 CVE-2024-8925 affecting package php for versions less than 8.3.12-1
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker able to control part of the submitted data being able to...
PHP environment issue vulnerability
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.30, 8.2.24, and 8.3.12, which stems from a flaw in the parsing of the data content of multi-part forms, which could result in legitimate data being left unprocessed,...
A vulnerability in the PHP programming language, related to the execution of a loop with an unreachable exit condition, allows attackers to cause service failures.
The vulnerability in the PHP programming language lies in the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows an attacker to cause a service failure...
Vulnerabilities in the PHP and C language drivers of the MongoDB database management system allow attackers to gain increased privileges.
The vulnerabilities in the PHP and C language drivers of the MongoDB database management system are related to a lack of access control mechanisms. Exploiting these vulnerabilities can allow attackers to escalate their privileges...
PT-2024-39098 · Sourcecodester · Sourcecodester Php Crud
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP CRUD version 1.0. Description: A critical issue has been found in the Delete Person Handler component, specifically in the file /endpoint/delete.php. The manipulation of the person argument leads to SQL injection. This issue...
Raspcontrol cross-site scripting vulnerability
Raspcontrol is a web control center for the Raspberry Pi, written in PHP by Doug W., an individual developer. A cross-site scripting (XSS) vulnerability exists in Raspcontrol version 1.0 via the action parameter in index.php...
OESA-2024-2061 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
SeaCMS security vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 13.0, which stems from the fact that the editing restrictions on files in...
CodeAstro Online Railway Reservation System cross-site scripting vulnerability
CodeAstro Online Railway Reservation System is a full-featured CodeAstro project based on the Online Railway Reservation System project, which uses PHP language and MySQL database. A cross-site scripting vulnerability exists in CodeAstro Online Railway Reservation System version 1.0, which stems...
The vulnerability of the proc_open() function in the PHP interpreter allows attackers to execute arbitrary commands.
The vulnerability of the proc_open() function in the PHP programming language exists because measures to neutralize the special elements used in operating system commands have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
CVE-2024-40392
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php...
Malicious code in shopify-app-template-php (npm)
WordPress plugin Universal Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
AZL-42616 CVE-2024-2408 affecting package php for versions less than 8.3.8-1
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...
AZL-42430 CVE-2024-5458 affecting package php for versions less than 8.1.29-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...
AZL-42438 CVE-2024-5458 affecting package php for versions less than 8.3.8-1
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being...
Exploit for OS Command Injection in Php
Nuclei Template for CVE-2024-4577 This Nucle...