Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...

6.3CVSS6.1AI score0.04086EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2023-48714 Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-48714...

4.3CVSS7.2AI score0.00355EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

More info at https://www.drupal.org/sa-core-2020-009...

6.1CVSS7.2AI score0.00681EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

Moderately critical - Cross Site Scripting - SA-CORE-2019-004

More info at https://www.drupal.org/SA-CORE-2019-004...

5.4CVSS7.2AI score0.12408EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

6.1CVSS5.8AI score0.00799EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

9.8CVSS7.2AI score0.0595EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2026-45067: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

More info at https://symfony.com/cve-2026-45067...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/08/27 6:55 a.m.•26 views

TYPO3-EXT-SA-2024-006: Multiple vulnerabilities in "powermail" (powermail)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-006...

7.3CVSS6.8AI score0.00297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/01 8:0 a.m.•26 views

CVE-2022-24895: Possible CSRF token fixation

More info at https://symfony.com/cve-2022-24895...

8.8CVSS7.2AI score0.0079EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 10:14 a.m.•26 views

TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-018...

6.5CVSS7.2AI score0.00364EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 9:18 a.m.•26 views

TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-013...

6.5CVSS7.2AI score0.00479EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 8:6 a.m.•26 views

TYPO3-CORE-SA-2022-008: Missing check for expiration time of password reset token for backend users

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-008...

5.4CVSS7.2AI score0.00735EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/14 7:11 a.m.•26 views

TYPO3-CORE-SA-2022-002: Information Disclosure via Exception Handling/Logger

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-002...

6.5CVSS7.2AI score0.01047EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/09 9:36 p.m.•26 views

Failure to strip the Cookie header on change in host or HTTP downgrade

Impact Cookie headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward...

7.5CVSS7.5AI score0.0182EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/09 9:36 p.m.•26 views

Fix failure to strip Authorization header on HTTP downgrade

Impact Authorization headers on requests are sensitive information. On making a request using the https scheme to a server which responds with a redirect to a URI with the http scheme, we should not forward the Authorization header on. This is much the same as to how we don't forward on the heade...

7.5CVSS7.4AI score0.0182EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/29 6:0 p.m.•26 views

XSS within joomla/filter class

More info at https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html...

6.1CVSS7.2AI score0.0065EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/01/29 12:0 p.m.•26 views

CVE-2022-23601: CSRF token missing in forms

More info at https://symfony.com/cve-2022-23601...

8.8CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/21 5:0 p.m.•26 views

Form validation can be skipped in neos/form

Impact By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. We consider the severity low because it is not possible to change any form values since the form state is secured with an HMAC that is still verified. That means that...

6.5CVSS5.9AI score0.01124EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•26 views

TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-005...

7.5CVSS7.8AI score0.01731EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 8:50 a.m.•26 views

TYPO3-CORE-SA-2020-011: Cleartext storage of session identifier

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-011...

8.1CVSS7.2AI score0.00666EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/24 1:38 a.m.•26 views

Unescaped message used in HTML on Special:Contributions

More info at https://phabricator.wikimedia.org/T255918...

6.1CVSS7.2AI score0.01104EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/10 5:54 p.m.•26 views

CVE-2020-6165: Limited queries break CanViewPermissionChecker

More info at https://www.silverstripe.org/download/security-releases/cve-2020-6165...

5.3CVSS7.2AI score0.01066EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•26 views

TYPO3-CORE-SA-2020-003: Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-003...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•26 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 1:49 p.m.•26 views

CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...

7.5CVSS7.2AI score0.01686EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/02/19 11:55 a.m.•26 views

CVE-2019-5715: Reflected SQL Injection through Form and DataObject

More info at https://www.silverstripe.org/download/security-releases/ss-2018-021...

9.8CVSS7.2AI score0.01564EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•26 views

CVE-2018-11385: Session Fixation Issue for Guard Authentication

More info at https://symfony.com/cve-2018-11385...

8.1CVSS7.2AI score0.02014EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/04/26 7:38 p.m.•26 views

Trusted-Directory Bypass via Path Traversal

Smarty Trusted-Directory Bypass via Path Traversal Vulnerability Overview Smarty 3.1.32 or below is prone to a path traversal vulnerability due to insufficient sanitization of code in Smarty templates. This allows attackers controlling the Smarty template to bypass the trusted directory security...

7.5CVSS8.6AI score0.03463EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/04/26 7:38 p.m.•26 views

Trusted-Directory Bypass via Path Traversal

if you enable secrity .$trusteddir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they...

7.1CVSS7.2AI score0.02664EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/04/17 7:15 a.m.•26 views

Information disclosure of source code

More info at https://simplesamlphp.org/security/202004-01...

3.5CVSS7.2AI score0.00922EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/20 2:0 p.m.•26 views

Possibility of manipulated condition when unfiltered input is passed to `yii\elasticsearch\ActiveRecord::findOne()` and `::findAll()`

More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...

8.1CVSS7.2AI score0.0152EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•26 views

External link injection on 404 pages when linking to the current page.

More info at https://www.drupal.org/SA-CORE-2018-001...

5.8CVSS7.2AI score0.01196EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/01/31 10:34 a.m.•26 views

Open redirection protection bypass

More info at https://simplesamlphp.org/security/201801-02...

6.1CVSS7.2AI score0.0086EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/01/22 8:41 a.m.•26 views

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

7.5CVSS7.2AI score0.02859EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:12 p.m.•26 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/10/25 10:54 a.m.•26 views

Signature validation bypass (SAML 1.1)

More info at https://simplesamlphp.org/security/201710-01...

8.1CVSS7.2AI score0.01119EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/08/16 5:10 p.m.•26 views

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

7.4CVSS7.2AI score0.02102EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/07/26 12:41 a.m.•26 views

Object injection

SECURITY Fix potential object injection vulnerability. CVE-2018-19296. Reported by Sehun Oh of cyberone.kr. Added Tagalog translation, thanks to @StoneArtz Added Malagache translation, thanks to @Hackinet Updated Serbian translation, fixed incorrect language code, thanks to @mmilanovic4 Updated...

8.8CVSS9AI score0.02211EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/06 5:1 p.m.•26 views

Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select

More info at https://framework.zend.com/security/advisory/ZF2016-02...

9.8CVSS7.2AI score0.02047EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/06/15 8:59 p.m.•26 views

Views can allow unauthorized users to see Statistics information

More info at https://www.drupal.org/SA-CORE-2016-002...

5.3CVSS7.2AI score0.02212EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/09 9:34 p.m.•26 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/09 9:13 p.m.•26 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/03/07 1:4 p.m.•26 views

Information leakage issue in the sanitycheck module

More info at https://simplesamlphp.org/security/201603-01...

5.3CVSS7.2AI score0.01339EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•26 views

Open redirect via path manipulation

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.0192EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/03/12 1:58 p.m.•26 views

Invalid CSRF validation of null or incorrectly formatted token identifiers

More info at https://framework.zend.com/security/advisory/ZF2015-03...

8.8CVSS8.9AI score0.00656EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/16 10:0 p.m.•26 views

SQL injection vector when manually quoting values for sqlsrv extension, using null byte

More info at https://framework.zend.com/security/advisory/ZF2014-06...

9.8CVSS7.2AI score0.0255EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:40 a.m.•26 views

Direct access of ESI URLs behind a trusted proxy

More info at https://symfony.com/cve-2014-5245...

7.2AI score0.00812EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•26 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•26 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

6.8CVSS8.8AI score0.02395EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702