Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.29 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/06/11 2:3 p.m.28 views

Arbitrary Code Execution through Improper Restriction of XML External Entity Reference (XXE) vulnerability

More info at https://helpx.adobe.com/security/products/magento/apsb24-40.html...

9.8CVSS6.8AI score0.99994EPSS
Exploits26Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/10/16 12:44 a.m.28 views

CVE-2023-40180 DDOS Vulnerability on GraphQL due to lack of protection against recursive queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-40180...

7.5CVSS7.2AI score0.00901EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/03/22 12:31 p.m.28 views

TYPO3-EXT-SA-2023-003: Cross-Site Scripting in extension "Fluid Components" (fluid_components)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-003...

5.8CVSS6.1AI score0.00512EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/02/21 8:31 a.m.28 views

TYPO3-EXT-SA-2023-002: Persisted Cross-Site Scripting in extension "Forms Export" (frp_form_answers)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-002...

6.1CVSS7.2AI score0.00424EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:19 a.m.28 views

TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-015...

8.8CVSS7.2AI score0.00785EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:18 a.m.28 views

TYPO3-CORE-SA-2022-012: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-012...

7.5CVSS7.2AI score0.00686EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/09/13 8:7 a.m.28 views

TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...

7.5CVSS7.2AI score0.01312EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/09/13 8:7 a.m.28 views

TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...

6.1CVSS7.2AI score0.00633EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/14 7:11 a.m.28 views

TYPO3-CORE-SA-2022-003: Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-003...

5.4CVSS7.2AI score0.00717EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/03/29 6:0 p.m.28 views

Path Disclosure within joomla/filesystem class

More info at https://developer.joomla.org/security-centre/871-20220302-core-path-disclosure-within-filesystem-error-messages.html...

5.3CVSS7.2AI score0.00871EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/03/29 6:0 p.m.28 views

Variable Tampering within joomla/input class

More info at https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html...

9.8CVSS7.2AI score0.01172EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/03/17 4:15 p.m.28 views

Path manipulation

Description matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6. References https://nvd.nist.gov/vuln/detail/CVE-2021-43676 https://github.com/matyhtf/framework/issues/206 matyhtf/framework@2508460...

7.5CVSS1.7AI score0.01381EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/11/11 1:30 p.m.28 views

SQL Injection in Limit Clause Generation API

We have released a new version Doctrine DBAL 3.1.4 that fixes a critical SQL injection vulnerability in the LIMIT clause generation API provided by the Platform abstraction. We advise everyone using Doctrine DBAL 3.0.0 up to 3.1.3 to upgrade to 3.1.4 immediately. The vulnerability can happen when...

9.8CVSS9.7AI score0.02369EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/10/05 11:2 a.m.28 views

TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-015...

5.3CVSS7.2AI score0.0116EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/10/05 11:2 a.m.28 views

TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-015...

5.3CVSS7.2AI score0.0116EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/10/05 11:2 a.m.28 views

TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-014...

8.8CVSS7.2AI score0.00619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/03/16 9:1 a.m.28 views

TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-007...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/03/16 8:57 a.m.28 views

TYPO3-CORE-SA-2021-003: Broken Access Control in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-003...

8.3CVSS8.5AI score0.01606EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/01/24 10:13 p.m.28 views

template_object Sandbox Escape PHP Code Injection

More info at https://srcincite.io/blog/2021/02/18/smarty-template-engine-multiple-sandbox-escape-vulnerabilities.html...

7.5CVSS7.2AI score0.09436EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/11/20 12:0 a.m.28 views

Potential file overwrite if archive filename starts with file://

I have submitted this to the PEAR bug tracker as well as the PEAR group mailing list, and I'm not sure if either has gone through, so opening an issue here with the hope that this is the right place for it. While auditing a separate application which uses ArchiveTar internally, I found that...

7.8CVSS7.8AI score0.84554EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/09/24 1:25 a.m.28 views

mw.message.parse() accepts javascript: protocol in wikilinks

More info at https://phabricator.wikimedia.org/T86738...

6.1CVSS7.2AI score0.01356EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/07/10 3:3 p.m.28 views

CVE-2020-6164: Information disclosure on /interactive URL path

More info at https://www.silverstripe.org/download/security-releases/cve-2020-6164/...

7.5CVSS7.2AI score0.018EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/07/03 5:45 p.m.28 views

SQL injection vulnerability in SearchController

More info at https://www.phpmyadmin.net/security/PMASA-2020-6/...

9.8CVSS7.2AI score0.67081EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 9:51 a.m.28 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8CVSS7.2AI score0.01267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.28 views

PRODSECBUG-2410: Cross-Site Scripting via Dynamic block in the Page builder

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.28 views

PRODSECBUG-2348: Sensitive data disclosure via crafted two factor edit user form

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

4.9CVSS7.2AI score0.01163EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.28 views

PRODSECBUG-2337: Stored cross-site scripting in the catalog templates form

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.28 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/20 7:11 p.m.28 views

Potential RCE if filename starts with phar://

More info at https://pear.php.net/bugs/bug.php?id=23782...

6.8CVSS8.1AI score0.19207EPSS
Exploits5Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/03/28 7:30 p.m.28 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-002...

9.8CVSS7.2AI score0.99993EPSS
Exploits46Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/11/16 3:15 p.m.28 views

CVE-2017-16654: Intl bundle readers breaking out of paths

More info at https://symfony.com/cve-2017-16654...

7.5CVSS7.2AI score0.02677EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/11/15 8:53 a.m.28 views

SQL injection vulnerabililty in the back end search filter and the front end listing module

More info at https://contao.org/en/news/contao-3531.html...

9.8CVSS7.2AI score0.01178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/12/03 12:14 p.m.28 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-02...

6.3CVSS7.2AI score0.01188EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/05/09 9:34 p.m.28 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.28 views

Form API ignores access restrictions on submit buttons

More info at https://www.drupal.org/SA-CORE-2016-001...

7.5CVSS7.2AI score0.0136EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/03 3:13 p.m.28 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/07/01 2:20 p.m.28 views

Cross-Site Scripting in 3rd party library Flowplayer

More info at https://typo3.org/security/advisory/typo3-core-sa-2015-007...

4.3CVSS7.2AI score0.02405EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/05/22 9:33 a.m.28 views

Improper Session Invalidation

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

5.8CVSS7.2AI score0.01308EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/05/22 9:33 a.m.28 views

Information disclosure in the Extbase framework

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

4CVSS7.2AI score0.01118EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 10:13 p.m.28 views

XEE issue that could expose local files or easily trigger a DOS attack.

XXE security issue. Issue 414...

7.5CVSS6.2AI score0.02228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

XSS vulnerability on asset view

Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

7.1CVSS5.7AI score0.00604EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

CVE-2019-12186: XSS injection in the Grid component

More info at https://sylius.com/blog/cve-2019-12186/...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

Use of a Broken or Risky Cryptographic Algorithm

✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

3.5CVSS3.9AI score0.00458EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

CVE-2024-50340: Ability to change environment from query

More info at https://symfony.com/cve-2024-50340...

7.3CVSS6.6AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

Authentication bypass via attacker provided openid server

Description Impact The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own openID server. Patches This vulnerability only affects the outdated v1.x versions of the package. These a...

2.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

Information disclosure in the back end

More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...

5.3CVSS7.2AI score0.0088EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/09/17 8:41 a.m.27 views

TYPO3-EXT-SA-2024-007: Insecure Direct Object Reference in extension "powermail" (powermail)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-007...

7.5CVSS6.8AI score0.00485EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702