GHSA-MHHP-C3CM-2R86 Test code in published microsoft-graph-core package exposes phpinfo()
Impact The Microsoft Graph Core PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph-core/tests/GetPhpInfo.php. The phpInfo function exposes system...
Test code in published microsoft-graph package exposes phpinfo()
Impact The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The...
GHSA-CGWQ-6PRQ-8H9Q Test code in published microsoft-graph package exposes phpinfo()
Impact The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The phpInfo function exposes system information. The...
CVE-2023-49283 Test code in published microsoft-graph-core package exposes phpinfo()
microsoft-graph-core is the Microsoft Graph Library for PHP. The Microsoft Graph Beta PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at...
CVE-2023-49282 Test code in published microsoft-graph package exposes phpinfo()
msgraph-sdk-php is the Microsoft Graph Library for PHP. The Microsoft Graph PHP SDK published packages which contained test code that enabled the use of the phpInfo function from any application that could access and execute the file at vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php. The...
CVE-2023-49282
The CVE-2023-49282 issue affects the Microsoft Graph PHP SDK (msgraph-sdk-php) where test code GetPhpInfo.php invokes phpinfo(), exposing system configuration and environment details if the server misconfigures access (e.g., /vendor). Affected versions were patched in 1.109.1 and 2.0.0-RC5. Remed...
ownCloud Phpinfo Reader
Docker containers of ownCloud compiled after February 2023, which have version 0.2.0 before 0.2.1 or 0.3.0 before 0.3.1 of the app graph installed contain a test file which prints phpinfo to an unauthenticated user. A post file name must be appended to the URL to bypass the login filter. Docker m...
PT-2023-31150 · Microsoft · Msgraph-Sdk-Php
Name of the Vulnerable Software and Affected Versions: msgraph-sdk-php versions prior to 1.109.1 msgraph-sdk-php versions prior to 2.0.0-RC5 Description: The Microsoft Graph PHP SDK contains a vulnerability that exposes system information through the phpinfo function. This issue affects the...
PT-2023-31151 · Microsoft · Microsoft-Graph-Core
Name of the Vulnerable Software and Affected Versions: microsoft-graph-core versions prior to 2.0.2 Description: The Microsoft Graph Beta PHP SDK contains test code that enables the use of the phpInfo function from any application that can access and execute the file at...
Test code in published microsoft-graph package exposes phpinfo()
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-49282...
Test code in published microsoft-graph-core package exposes phpinfo()
More info at https://nvd.nist.gov/vuln/detail/CVE-2023-49283...
ownCloud graphapi Information Disclosure Vulnerability
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...
CVE-2023-26542
Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions...
CVE-2023-26542
CVE-2023-26542 is a CSRF vulnerability in the WordPress plugin “phpinfo() WP” (Exeebit phpinfo() WP plugin) affecting versions
CVE-2023-26542 WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Exeebit phpinfo() WP plugin <= 4.0 versions...
PT-2023-20718 · WordPress · Exeebit Phpinfo() Wp
Name of the Vulnerable Software and Affected Versions: Exeebit phpinfo() WP plugin versions prior to 4.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web applicatio...
WordPress Plugin phpinfo() WP Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2023-49103
An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information...