CVE-2024-53860

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

CVE-2023-3823 affecting package php for versions less than 8.1.22-1

CVE-2023-3823 affecting package php for versions less than 8.1.22-1. A patched version of the package is available...

CVE-2024-8932 affecting package php for versions less than 8.1.31-1

CVE-2024-8932 affecting package php for versions less than 8.1.31-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-8929 affecting package php for versions less than 8.1.31-1

CVE-2024-8929 affecting package php for versions less than 8.1.31-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-11234 affecting package php for versions less than 8.1.31-1

CVE-2024-11234 affecting package php for versions less than 8.1.31-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-11233 affecting package php for versions less than 8.1.31-1

CVE-2024-11233 affecting package php for versions less than 8.1.31-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-53860

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

CVE-2024-53860

CVE-2024-53860 concerns sp-php-email-handler, a PHP package for handling contact forms. The vulnerability allows anyone to specify arbitrary email recipients and inject user-provided content into confirmation emails, enabling abuse such as spam or phishing from the affected server and risking dom...

CVE-2024-8927 affecting package php for versions less than 8.3.12-1

CVE-2024-8927 affecting package php for versions less than 8.3.12-1. An upgraded version of the package is available that resolves this issue...

CVE-2024-8927 affecting package php for versions less than 8.1.30-1

CVE-2024-8927 affecting package php for versions less than 8.1.30-1. An upgraded version of the package is available that resolves this issue...

Mageia: Security Advisory (MGASA-2024-0328)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-2b429e720e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

CVE-2024-41924

CVE-2024-41924 affects EC-CUBE 4 series (EC-CUBE CO.,LTD.). The issue is an improper input validation when installing plugins (CWE-349) that allows an attacker with administrative privileges to install an arbitrary PHP package due to acceptance of extraneous untrusted data with trusted data. If o...

CVE-2024-41924

Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product m...

JVN#48324254: EC-CUBE 4 Series improper input validation when installing plugins

EC-CUBE 4 series provided by EC-CUBE CO.,LTD improperly validates inputs when installing plugins CWE-349. Impact An attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some...

CVE-2024-5458 affecting package php for versions less than 8.3.8-1

CVE-2024-5458 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...

Mageia: Security Advisory (MGASA-2024-0262)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...