PHP 7.4.x < 7.4.11 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with openssl_encrypt function with 12 byt...
PHP 7.3.x < 7.3.23 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.34, 7.3.x prior to 7.3.23 or 7.4.x prior to 7.4.11. It is, therefore, affected by multiple vulnerabilities: - When AES-CCM mode is used with openssl_encrypt function with 12 byt...
PHP 7.4.x < 7.4.9 Use After Free Vulnerability
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.33, 7.3.x prior to 7.3.21 or 7.4.x prior to 7.4.9. It is, therefore, affected by a use after free vulnerability in the pharparse function due to mishandling of the actualalias...
Fedora 31 : php (2020-94763cb98b)
PHP version 7.3.23 (01 Oct 2020). Core: - Fixed bug php#80048: Bug php#69100 has not been fixed for Windows. (cmb) - Fixed bug php#80049: Memleak when coercing integers to string via variadic argument. (Nikita) - Fixed bug php#79699: PHP parses encoded cookie names so malicious `__Host-` cookies can be sent...
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data...
Boom! Mobile Customer Data Lost to Fullz House/Magecart Attack
Boom! Mobile’s U.S. website recently fell victim to an e-commerce attack, putting online shoppers in danger of payment-card theft, researchers said. Boom! is a wireless provider that resells mobile phone plans from Verizon, AT&T and T-Mobile USA, under its own brand and with its own perks the...
CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like `__Host` confused with cookies that decode to such prefix, thus leading to an attacker being...
CVE-2020-11579
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php, part of the installation process, allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled...
CVE-2020-23984
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags...
Cross site scripting
Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags...
SQL Injection Vulnerability in YCCMS Backend (CNVD-2020-53330)
YCCMS is a PHP version of a lightweight CMS builder. There is a SQL injection vulnerability in the YCCMS backend, which can be exploited by attackers to obtain sensitive database information...
PHP 7.2.x < 7.2.32 / 7.3.x < 7.3.20 / 7.4.x < 7.4.8 Information Disclosure
According to its self-reported version number, the version of PHP running on the remote Windows web server is 7.2.x prior to 7.2.32, 7.3.x prior to 7.3.20 or 7.4.x prior to 7.4.8. It is, therefore, affected by an information disclosure vulnerability. The libcurl library can be tricked to prepend ...
PHP 7.2.x < 7.2.30 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.30, 7.3.x prior to 7.3.17, or 7.4.x prior to 7.4.5. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in urldecode due to improper data validation checks. An...
8x8: PHPinfo page on http://█████.callstats.io
A PHPInfo file was exposed on a legacy system. phpinfo was available at a callstats.io subdomain. It was disclosing information on a server and PHP version information...
Command Execution Vulnerability in PHP Version of Nettie CMS of Fuzhou Nettie Software Technology Co.
Nettitanium CMS OTCMS PHP version is based on a PHP + sqlite/mysql technical architecture with UTF-8 coding; it can be applied not only to a wide range of news/article publishing websites, but also to corporate websites. A command execution vulnerability exists in the PHP version of Fuzhou...
Fedora 31 : php (2020-8838d072d5)
PHP version 7.3.18 (14 May 2020). Core: - Fixed bug php#78875: Long filenames cause OOM and temp files are not cleaned. (CVE-2019-11048) (cmb) - Fixed bug php#78876: Long variables in multipart/form-data cause OOM and temp files are not cleaned. (CVE-2019-11048) (cmb) - Fixed bug php#79434: PHP 7.3 and PHP-7.4...
Fedora 30 : php (2020-9fa7f4e25c)
PHP version 7.3.18 (14 May 2020). Core: - Fixed bug php#78875: Long filenames cause OOM and temp files are not cleaned. (CVE-2019-11048) (cmb) - Fixed bug php#78876: Long variables in multipart/form-data cause OOM and temp files are not cleaned. (CVE-2019-11048) (cmb) - Fixed bug php#79434: PHP 7.3 and PHP-7.4...
PHP 7.2.x < 7.2.31 / 7.3.x < 7.3.18, 7.4.x < 7.4.6 Denial of Service (DoS)
According to its self-reported version number, the version of PHP running on the remote web server is 7.2.x prior to 7.2.31, 7.3.x prior to 7.3.18 or 7.4.x prior to 7.4.6. It is, therefore, affected by a denial of service (DoS) vulnerability in its HTTP file upload component due to a failure to cle...