
15 matches found

OSV
added 2026/01/16 9:15 p.m. | 1 view

UBUNTU-CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS 5.4 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 8

Debian CVE
added 2026/01/16 8:38 p.m. | 3 views

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS 5.4 | AI score 5.2 | EPSS 0.00025
Exploits: 0

ATTACKERKB
added 2026/01/16 8:38 p.m. | 1 view

CVE-2026-23643

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS 5.4 | AI score 5.3 | EPSS 0.00025
Exploits: 0 | References: 7 | Affected Software: 1

Positive Technologies
added 2026/01/16 12:0 a.m. | 2 views

PT-2026-3322

CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed in 5.2.12 and 5.3.1...

CVSS 5.4 | AI score 6.9 | EPSS 0.00025
Exploits: 0 | References: 7

Vulnrichment
added 2025/03/22 8:24 a.m. | 4 views

CVE-2024-13666 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder <= 5.2.12 - IP-Spoofing

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for...

CVSS 5.3 | AI score 7 | EPSS 0.00117
Exploits: 0 | References: 2

OSV
added 2019/09/05 5:15 p.m. | 1 view

CVE-2019-5070

An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...

CVSS 6.5 | AI score 6.7 | EPSS 0.00283
Exploits: 1 | References: 1

OSV
added 2016/04/13 4:59 p.m. | 1 view

UBUNTU-CVE-2016-2228

Cross-site scripting (XSS) vulnerability in horde/templates/topbar/menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to...

CVSS 6.1 | AI score 6 | EPSS 0.00575
Exploits: 1 | References: 7

seebug.org
added 2011/04/28 12:0 a.m. | 16 views

PHP <5.2.12 htmlspecialcharacters() Malformed Multibyte Character Cross-Site Scripting Vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

OSV
added 2010/02/19 12:0 a.m. | 26 views

DSA-2001-1 php5 - multiple vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 9.4 | EPSS 0.16946
Exploits: 3

Packet Storm
added 2009/12/21 12:0 a.m. | 21 views

PHP 5.2.12 / 5.3.1 symlink() open_basedir Bypass

This is exploit from Security Audit Lab - SecurityReason labs. Author: Maksymilian Arciemowicz. Script for legal use only. PHP 5.2.12 / 5.3.1 symlink() open_basedir bypass. More: SecurityReason...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2009/12/18 12:0 a.m. | 235 views

PHP 5.2.x < 5.2.12 Multiple Vulnerabilities

Binary data 5281.prm...

CVSS 10 | AI score 9.8 | EPSS 0.16946
Exploits: 7 | References: 8

OpenVAS
added 2009/12/18 12:0 a.m. | 31 views

PHP < 5.2.12 Multiple Vulnerabilities

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:php:php"; if(description)...

AI score 5.6
Exploits: 0 | References: 8

Exploit DB
added 2009/12/17 12:0 a.m. | 63 views

PHP 5.2.11 - 'htmlspecialCharacters()' Malformed Multibyte Character Cross-Site Scripting (2)

source: https://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

AI score 7.4
Exploits: 0

Prion
added 2009/11/24 12:30 a.m. | 22 views

Design/Logic Flaw

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusi...

CVSS 5 | AI score 6.4 | EPSS 0.01918
Exploits: 0 | References: 25 | Affected Software: 3

Cvelist
added 2009/11/24 12:0 a.m. | 26 views

CVE-2009-4017

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file inclusi...

AI score 9 | EPSS 0.01918
Exploits: 0 | References: 25