GHSA-4486-GXHX-5MG7 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

Summary PsySH automatically loads and executes a .psysh.php file from the Current Working Directory CWD on startup. If an attacker can write to a directory that a victim later uses as their CWD when launching PsySH, the attacker can trigger arbitrary code execution in the victim's context. When t...

PsySH code issue vulnerabilities

PsySH is a runtime console developed by Justin Hileman individually. Versions of PsySH prior to 0.11.23 and 0.12.19 have code vulnerabilities. These vulnerabilities stem from the automatic loading of the .psysh.php file from the current working directory, which may lead to arbitrary code executio...