BIT-PHP-2020-7062 Null Pointer Dereference in PHP Session Upload Progress
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does...
CVE-2024-25868
A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the addtype.php component...
Adapt CMS 3.0.3 Cross Site Scripting / Shell Upload Vulnerabilities
Exploit Title: Stored XSS and RCE - adaptcmsv3.0.3 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Ubuntu 22.04 Blog: http://msecureltd.blogspot.com Description - It was found that adaptcms v3.0.3 was vulnerable to stored cross site scripting - Also the application allowed the file uploa...
Amazon Linux 2 : php (ALAS-2023-2375)
The version of php installed on the remote host is prior to 5.4.16-46. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2375 advisory. An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5...
SearchIQ < 4.5 - Unauthenticated Sensitive Information Disclosure
Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the getSIQPluginSettings function, allowing unauthenticated attackers to view information such as the plugin settings, theme, and WordPress and PHP version...
WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF
Description The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...
php security update
8.0.30-1 - rebase to 8.0.30 - Resolves: RHEL-11946...
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php...
CVE-2023-41330
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...
CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Issue On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...
Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload
Description The plugin does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. PoC NOTE: Because of an error in this version of the plugin, the following POC only works on PHP versions previous to 8.0. 1. As an...
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading a phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE...
PHP < 8.0.30, 8.1.x < 8.1.22, 8.2.x < 8.2.9 Security Update - Linux
PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
SEMCMS code problem vulnerability
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A code issue vulnerability exists in SEMCMS PHP version 3.7, which can be exploited by remote attackers to upload arbitrary files and gain escalated privileges...
PHP 8.2.x < 8.2.7 Information Disclosure
According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.29, 8.1.x prior to 8.1.20, or 8.2.x prior to 8.2.7. It is, therefore, affected by an information disclosure vulnerability. The random byte generation function used in the SOAP HTTP...
Bludit < 3.13.1 Backup Plugin - Arbitrary File Download (Authenticated) Exploit
-- coding: utf-8 -- /usr/bin/env python Exploit Title: Bludit 3.13.1 Backup Plugin - Arbitrary File Download Authenticated Date: 2022-07-21 Exploit Author: Antonio Cuomo arkantolo Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: 3.13.1 Tested on:...
Fedora 37 : php (2023-2b7eeaaee5)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-2b7eeaaee5 advisory. PHP version 8.1.20 08 Jun 2023 Core: Fixed bug GH-9068 Conditional jump or move depends on uninitialised values. nielsdos Fixed bug GH-11189 Exceeding memory...
Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization
The plugin does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP startBuffering; $phar-addFromString'test.png', 'text'; $phar-setStub"\xff\xd8\xff\n"; $phar-setMetadatanew Evil; $phar-stopBuffering; 2...