20 matches found
Astra Linux - vulnerability in php8.1, php7.3
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var, when validating URLs using FILTER_VALIDATE_URL, will result in invalid user information (such as the username and password parts of URLs) being treated as val...
CVE-2026-5261
Affected product: Shandong Hoteam InforCenter PLM up to version 8.3.8. Vulnerable component: the function uploadFileToIIS in /Base/BaseHandler.ashx. Root cause: manipulation of the File argument enables unrestricted upload, enabling remote exploitation. Public exploit exists. No remediation detai...
EUVD-2026-15544
Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection. This issue affects WoodMart: from n/a through <= 8.3.8...
WordPress plugin WoodMart code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-4038
Name of the Vulnerable Software and Affected Versions: TaxCloud for WooCommerce versions through 8.3.8. Description: An authorization issue exists in TaxCloud for WooCommerce simple-sales-tax, allowing exploitation of incorrectly configured access control security levels. Recommendations: Update...
php: Filter bypass in filter_var (FILTER_VALIDATE_URL)
A flaw was found in PHP. An early return in the filter_var (FILTER_VALIDATE_URL) function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...
CVE-2022-31627 affecting package php for versions less than 8.3.8-1
CVE-2022-31627 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-1874 affecting package php for versions less than 8.3.8-1
CVE-2024-1874 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-5585 affecting package php for versions less than 8.3.8-1
CVE-2024-5585 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
Exploit Title: PHP Windows Remote Code Execution Unauthenticated Exploit Author: Yesith Alvarez Vendor Homepage: https://www.php.net/downloads.php Version: PHP 8.3, ',...
Fedora 40 : php (2024-49aba7b305)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49aba7b305 advisory. PHP version 8.3.8 (06 Jun 2024). CGI: Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) Fixed bug GHSA-3qgc-jrrr-25jv...
PHP Security Vulnerabilities
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP, which stems from a code logic error, where a filter function validating URLs incorrectly treats invalid user information containing username and password sections as valid user information for...
PT-2024-4988
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.* before 8.1.29, PHP versions 8.2.* before 8.2.20, PHP versions 8.3.* before 8.3.8. Description: The issue arises from insufficient escaping when using the proc_open function with array syntax, allowing a malicious user to supply...
CVE-2020-13378
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code...
CVE-2022-30770
CVE-2022-30770 affects Terminalfour: versions 8.3.7, 8.3.x before 8.3.8, and 8.2.x before 8.2.18.5 or 8.2.18.2.1 are vulnerable to a cross-site scripting (XSS) flaw that could mislead an administrator and steal credentials. Root cause is an XSS vulnerability in Terminalfour’s web interface. Remed...
CVE-2021-24123
Arbitrary file upload: the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as php, leading to RCE...
WordPress PowerPress code issue vulnerability
WordPress PowerPress is an open-source WordPress plugin that provides blog plugin functionality. A code issue vulnerability exists in the WordPress PowerPress plugin before 8.3.8 that allows arbitrary file uploads...
CVE-2019-18636
A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum (aka ASP.NET forum) 8.3.8 allows remote attackers to inject arbitrary web script or HTML via the gravatar URL parameter...
Foxit PhantomPDF Multiple Vulnerabilities (Nov 2018) - Windows
Foxit PhantomPDF is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:foxitsoftware:phantompdf";...
postgresql: substring() negative length argument buffer overflow
The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL 8.0.23, 8.1.11, and 8.3.8 allows remote authenticated users to cause a denial of service (daemon crash) or have unspecified other impact via vectors involving a negative integer in the third argument, as demonstrated by a SELECT...