CVE-2023-0677

Cross-site Scripting XSS - Reflected in GitHub repository phpipam/phpipam prior to v1.5.1...

15-Year-Old Bug in PEAR PHP Repository Could've Enabled Supply Chain Attacks

A 15-year-old security vulnerability has been disclosed in the PEAR PHP repository that could permit an attacker to carry out a supply chain attack, including obtaining unauthorized access to publish rogue packages and execute arbitrary code. "An attacker exploiting the first one could take over...