764 matches found

NVD
added 2024/06/21 1:15 p.m. · 14 views

CVE-2024-35776

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo WP. This issue affects phpinfo WP: from n/a through 5.0...

CVSS 7.5 · EPSS 0.01446
Exploits: 0 · References: 1
Cvelist
added 2024/06/21 1:5 p.m. · 17 views

CVE-2024-35776 WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Exeebit phpinfo WP. This issue affects phpinfo WP: from n/a through 5.0...

CVSS 5.3 · EPSS 0.01446
Exploits: 0 · References: 1
CVE
added 2024/06/21 1:5 p.m. · 46 views

CVE-2024-35776

CVE-2024-35776 describes an Unauthenticated Information Exposure in the phpinfo() WP plugin, exposing sensitive data to unauthorized actors. Affected: phpinfo() WP from unknown/n/a up to version 5.0. Public docs in the connected set reiterate this description; no concrete exploit details or remed...

CVSS 7.5 · AI score 6.3 · EPSS 0.01446
Exploits: 0 · References: 1 · Affected Software: 1
CNNVD
added 2024/06/21 12:0 a.m. · 1 views

WordPress plugin phpinfo WP Information Disclosure Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information...

CVSS 7.5 · AI score 6.2 · EPSS 0.01446
Exploits: 0 · References: 2
Patchstack
added 2024/06/19 9:9 a.m. · 3 views

WordPress phpinfo() WP plugin <= 5.0 - Unauthenticated Data Exposure vulnerability

Unauthenticated Data Exposure vulnerability discovered by LuxF0z Patchstack Alliance in WordPress Plugin phpinfo WP versions <= 5.0...

CVSS 7.5 · AI score 7 · EPSS 0.01446
Exploits: 0 · Affected Software: 1
Patchstack
added 2024/06/19 12:0 a.m. · 7 views

WordPress phpinfo() WP Plugin <= 5.0 is vulnerable to Sensitive Data Exposure

Software: phpinfo WP · Type: Plugin · Vulnerable versions: <= 5.0 · Fixed in: 6.0 · OWASP Top 10: A5: Security Misconfiguration · Classification: Sensitive Data Exposure · CVE: CVE-2024-35776 · Patch priority: Low · CVSS severity: Low 5.3 · Developer: Claim ownership · PSID: fed75fba8383 · Credits: LuxF0z · Required privilege...

CVSS 7.5 · AI score 6.6 · EPSS 0.01446
Exploits: 0 · References: 2 · Affected Software: 1
Github Security Blog
added 2024/05/28 9:26 p.m. · 20 views

SimpleSAMLphp Information Disclosure vulnerability

Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

AI score 6.8
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2024/05/28 9:26 p.m. · 17 views

GHSA-PPM4-R2VC-PG74 SimpleSAMLphp Information Disclosure vulnerability

Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled...

CVSS 5.9 · AI score 6.8
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/28 12:0 a.m. · 2 views

PT-2024-40406 · Unknown · Simplesamlphp

Name of the Vulnerable Software and Affected Versions: SimpleSAMLphp versions 1.17 up to 1.17.7. Description: The issue concerns an endpoint in the admin module of SimpleSAMLphp that exposes the output of the phpinfo PHP function, allowing any individual to access it without authenticating and...

CVSS 5.9 · AI score 6.9
Exploits: 0 · References: 4
OSV
added 2024/05/15 9:7 p.m. · 8 views

GHSA-XMP3-7745-G4VJ ezsystems/ez-support-tools Failing access control in system info view

This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link; the link is not shown in the menu. The...

AI score 6.7
Exploits: 0 · References: 3
Github Security Blog
added 2024/05/15 9:7 p.m. · 12 views

ezsystems/ez-support-tools Failing access control in system info view

This Security Advisory is about a vulnerability in ezsystems/ez-support-tools v2.2, part of Ibexa DXP v3.2. Older versions are not affected. A user having insufficient permissions is able to access the system information tabs if they type in the direct link; the link is not shown in the menu. The...

AI score 6.7
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

Uniform Server Zero Security Vulnerability

Uniform Server Zero is a free and lightweight WAMP server solution for Windows from the Uniform Server team. A security vulnerability exists in Uniform Server Zero version 10.2.5, which stems from a cross-site scripting vulnerability in the /usextra/phpinfo.php page...

CVSS 6.3 · AI score 6.2 · EPSS 0.0031
Exploits: 0 · References: 2
0day.today
added 2024/03/27 12:0 a.m. · 299 views

Craft CMS 4.4.14 - Unauthenticated Remote Code Execution Exploit

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on: Craft CMS 4.4.14...

CVSS 10 · AI score 7.4 · EPSS 0.93942
Exploits: 10
Packet Storm
added 2024/03/26 12:0 a.m. · 315 views

Craft CMS 4.4.14 Remote Code Execution

!/usr/bin/env python3 coding: utf-8 Exploit Title: Craft CMS unauthenticated Remote Code Execution RCE Date: 2023-12-26 Version: 4.0.0-RC1 - 4.4.14 Vendor Homepage: https://craftcms.com/ Software Link: https://github.com/craftcms/cms/releases/tag/4.4.14 Tested on: Ubuntu 22.04.3 LTS Tested on:...

CVSS 10 · AI score 7 · EPSS 0.93942
Exploits: 10
Veracode
added 2024/02/27 9:45 a.m. · 22 views

Information Disclosure

microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured...

CVSS 5.4 · AI score 6.9 · EPSS 0.00291
Exploits: 0 · References: 10 · Affected Software: 1
0day.today
added 2023/12/07 12:0 a.m. · 463 views

ownCloud Phpinfo Reader Exploit

Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...

CVSS 10 · AI score 6.6 · EPSS 0.94329
Exploits: 5
Prion
added 2023/12/05 11:15 p.m. · 31 views

Design/Logic Flaw

microsoft-graph-core is the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...

CVSS 5 · AI score 7 · EPSS 0.00291
Exploits: 0 · References: 5 · Affected Software: 1
Prion
added 2023/12/05 11:15 p.m. · 19 views

Design/Logic Flaw

msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...

CVSS 5 · AI score 6.9 · EPSS 0.00157
Exploits: 0 · References: 5 · Affected Software: 1
Github Security Blog
added 2023/12/05 10:57 p.m. · 50 views

Test code in published microsoft-graph-beta package exposes phpinfo()

Impact: The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-beta/tests/GetPhpInfo.php. The phpInfo function exposes system...

CVSS 10 · AI score 6.2 · EPSS 0.94329
Exploits: 5 · References: 7 · Affected Software: 1
OSV
added 2023/12/05 10:57 p.m. · 19 views

GHSA-7MC6-X925-7QVX Test code in published microsoft-graph-beta package exposes phpinfo()

Impact: The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-beta/tests/GetPhpInfo.php. The phpInfo function exposes system...

CVSS 5.3 · AI score 8.6 · EPSS 0.94329
Exploits: 5 · References: 7