17 matches found
CVE-2026-34084 PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when the filename argument to IOFactory::load is user-controlled, an attacker can supply a PHP stream...
PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of is_file, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
GHSA-Q4Q6-R8WH-5CGH PhpSpreadsheet has SSRF/RCE in IOFactory::load when $filename is user controlled
The usage of is_file, used to verify if the $filename is indeed an actual file, by all? Reader implementations inside the helper function File::assertFile is php-wrapper aware, for any php wrappers implementing stat. The 3 wrappers ftp://, phar:// and ssh2.sftp://, all satisfy this requirement - 2...
PT-2026-37096
Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 1.30.3; PhpSpreadsheet versions 2.0.0 through 2.1.14; PhpSpreadsheet versions 2.2.0 through 2.4.3; PhpSpreadsheet versions 3.3.0 through 3.10.3; PhpSpreadsheet versions 4.0.0 through 5.5.0. Description: When the...
Directory traversal
Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a U...
CVE-2009-2263
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathnam...
Directory traversal
Directory traversal vulnerability in index.php in Awesome PHP Mega File Manager 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathnam...
CVE-2008-3385
Directory traversal vulnerability in include/headchat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a U...
CVE-2007-6233
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an...
Directory traversal
Directory traversal vulnerability in index.php in FTP Admin 0.1.0 allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an...
CVE-2007-6233
CVE-2007-6233 affects FTP Admin 0.1.0. The vulnerability is a directory traversal in index.php, where a .. in the page parameter can cause local file inclusion/execution. This could allow an authenticated remote user to include/execute arbitrary local files; in some environments, UNC share paths ...
Directory traversal
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share...
CVE-2007-6129
Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share...
CVE-2007-6129
CVE-2007-6129 affects Amber Script 1.0, where a directory traversal flaw in scripts/include/show_content.php allows remote attackers to include and execute arbitrary local files by supplying a .. in the id parameter. In some environments, this can enable remote file inclusion via UNC share paths ...
Design/Logic Flaw
Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 and earlier allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftps, (3) ssh2.sftp, or (4) ssh2.scp URL, in the page parameter, for which PHP remote file inclusion is blocked only for http, https...
CVE-2007-4886
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...
Design/Logic Flaw
Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and probably 2.x allows remote attackers to execute arbitrary PHP code via a (1) UNC share pathname, or a (2) ftp, (3) ftps, or (4) ssh2.sftp URL, in the pilih parameter, for which PHP remote file inclusion is blocked only for http URLs...