8 matches found
EUVD-2023-30091
Malicious code in bioql PyPI...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
Xxe
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
CVE-2023-26267
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXMLDTDLOAD | \LIBXMLDTDATTR...
php-saml-sp 代码问题漏洞
php-saml-sp is a SAML Service Provider SP. SAML authentication can be used from existing PHP applications. A security vulnerability exists in php-saml-sp versions prior to 2.1.1 2.x, 1.1.1 1.x and prior to 1.1.1 1.x, which originated from a vulnerability that allows arbitrary files to be read as...
CVE-2023-26267
The vulnerability CVE-2023-26267 affects php-saml-sp in versions before 1.1.1 and 2.x before 2.1.1. It allows reading arbitrary files as the webserver user because XML external entities are silently resolved via LIBXML_DTDLOAD and LIBXML_DTDATTR. No exploitation details are provided in the source...