Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

PHP file inclusion via insert tags

More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...

7.2CVSS7.2AI score0.01254EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

Insert tag injection in front end forms

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...

6.5CVSS7.2AI score0.58061EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.26 views

CVE-2019-18889: Forbid serializing AbstractAdapter and TagAwareAdapter instances

More info at https://symfony.com/cve-2019-18889...

9.8CVSS7.2AI score0.33247EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/05/20 10:0 a.m.25 views

TYPO3-EXT-SA-2025-007: Multiple vulnerabilities in extension "Backup Plus" (ns_backup)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-007...

8.6CVSS7.2AI score0.00301EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/12/13 3:51 p.m.25 views

Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page Vulnerability Overview The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. Identifier :...

8CVSS5.5AI score0.00575EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/06/07 3:48 p.m.25 views

Microweber Business Logic Errors

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6566...

4.6CVSS7.2AI score0.00487EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/04/25 11:24 p.m.25 views

CVE-2023-22728 - Missing permission check in GridFieldPrintButton

More info at https://www.silverstripe.org/download/security-releases/cve-2023-22728...

4.3CVSS7.2AI score0.00486EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:19 a.m.25 views

TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-014...

5.4CVSS7.2AI score0.004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/27 5:27 a.m.25 views

CVE-2022-28803: Stored XSS in link tags added via XHR

More info at https://www.silverstripe.org/download/security-releases/cve-2022-28803...

5.4CVSS7.2AI score0.00513EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/27 5:27 a.m.25 views

CVE-2022-25238: Stored XSS via HTML fields

More info at https://www.silverstripe.org/download/security-releases/cve-2022-25238...

5.4CVSS7.2AI score0.00641EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/14 7:11 a.m.25 views

TYPO3-CORE-SA-2022-005: Insufficient Session Expiration in Admin Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-005...

7.2CVSS7.2AI score0.01165EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/02/23 4:4 p.m.25 views

Multi-Factor Authentication issue in Laravel Fortify

Laravel Fortify before 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept...

8.1CVSS8AI score0.00931EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/02/04 6:52 a.m.25 views

Disallow non closures in the sort filter

More info at https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter...

9.8CVSS7.2AI score0.08209EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/10/05 5:18 a.m.25 views

CVE-2021-36150 - Insert from files link text - Reflective (self) Cross Site Scripting

More info at https://www.silverstripe.org/download/security-releases/CVE-2021-36150...

6.1CVSS7.2AI score0.00793EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/07/20 9:15 a.m.25 views

TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-012...

6.5CVSS7.2AI score0.00829EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/04/27 11:10 a.m.25 views

Missing argument delimiter can lead to command execution via VCS repository URLs or source download URLs on systems with Mercurial

URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow commands to be executed in the HgDriver if hg/Mercurial is installed on the system. Impact - The impact to Composer users directly is limit...

8.8CVSS9AI score0.04849EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/03/16 9:1 a.m.25 views

TYPO3-CORE-SA-2021-007: Cross-Site Scripting in Content Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-007...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/03/16 8:57 a.m.25 views

TYPO3-CORE-SA-2021-001: Open Redirection in Login Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-001...

6.1CVSS6.5AI score0.01104EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/12 9:21 a.m.25 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

8.8CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/12 9:21 a.m.25 views

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-005...

8.8CVSS7.2AI score0.0199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/12 9:21 a.m.25 views

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-002...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/03/26 2:2 p.m.25 views

makeCollapsible allows applying event handler to any CSS selector

More info at https://phabricator.wikimedia.org/T246602...

5.3CVSS7.2AI score0.01123EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/08/15 7:16 p.m.25 views

Exposed suppressed username via Special:Redirect

More info at https://phabricator.wikimedia.org/T230402...

5.3CVSS7.2AI score0.01768EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.25 views

PRODSECBUG-2322: Arbitrary code execution due to unsafe handling of a shipping gateway

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01438EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.25 views

PRODSECBUG-2267: Use of insufficiently random values when generating initialization vector

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01186EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.25 views

PRODSECBUG-2172: Insecure user credential storage

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.00738EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/07 9:42 a.m.25 views

Possible Arbitrary Code Execution in Image Processing

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-012...

9.3CVSS7.2AI score0.03917EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/04/09 12:21 p.m.25 views

Confirming an opt-in token does not invalidate previous opt-in tokens

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10643.html...

9.8CVSS7.2AI score0.01254EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/03/12 12:35 p.m.25 views

Sandbox Information Disclosure

More info at https://symfony.com/blog/twig-sandbox-information-disclosure...

4.3CVSS7.2AI score0.01405EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/22 8:41 a.m.25 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

6.1CVSS9.7AI score0.04293EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/01/15 5:30 p.m.25 views

CVE-2019-1000011: Access control bypass in GraphQL mutations

| Q | A | ------------- | --- | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | 2364 | License | MIT | Doc PR | This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances s...

6.5CVSS6.3AI score0.01024EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 11:46 a.m.25 views

CVE-2018-11386: Denial of service when using PDOSessionHandler

More info at https://symfony.com/cve-2018-11386...

5.9CVSS7.2AI score0.01607EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/04/18 9:23 a.m.25 views

Cross-site scripting (XSS) vulnerability in the system log of the back end

More info at https://contao.org/en/news/contao-4418.html...

6.1CVSS6.5AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/03/20 10:14 a.m.25 views

Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`

More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...

9.8CVSS7.2AI score0.01363EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/20 9:35 p.m.25 views

jQuery vulnerability with untrusted domains.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.1CVSS7.2AI score0.01247EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/05/05 10:46 a.m.25 views

Session fixation and authentication bypass (authcrypt module)

More info at https://simplesamlphp.org/security/201705-01...

9.8CVSS7.2AI score0.02133EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/30 9:51 a.m.25 views

Incorrect IV generation for encryption

More info at https://simplesamlphp.org/security/201703-02...

5.9CVSS7.2AI score0.00486EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/15 8:19 p.m.25 views

Some admin paths were not protected with a CSRF token

More info at https://www.drupal.org/SA-2017-001...

7.5CVSS7.2AI score0.0078EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/12/29 10:1 a.m.25 views

Remote Code Execution when using the mail transport

More info at https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html...

9.8CVSS9.7AI score0.41827EPSS
Exploits18Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/12/12 12:13 p.m.25 views

Incorrect persistent NameID generation

More info at https://simplesamlphp.org/security/201612-04...

9.8CVSS7.2AI score0.01656EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/29 1:12 p.m.25 views

Incorrect signature verification

More info at https://simplesamlphp.org/security/201612-01...

9.1CVSS7.2AI score0.02424EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/10/04 3:39 p.m.25 views

Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.

Improve Signature validation process. Validates NameID only if strict is enabled...

6.5AI score0.00262EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.25 views

Open redirect via double-encoded 'destination' parameter

More info at https://www.drupal.org/SA-CORE-2016-001...

7.4CVSS7.2AI score0.01352EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 11:45 a.m.25 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

7.5CVSS7.2AI score0.02545EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/01 10:15 a.m.25 views

Multiple CRLF injection vulnerabilities

This release contains an important security update. Security update Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5CVSS9.4AI score0.01988EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/19 5:40 p.m.25 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/07 8:16 a.m.25 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/12 1:44 p.m.25 views

A directory traversal vulnerability allows back end users to view files outside their document root

More info at https://contao.org/en/news/directory-traversal-vulnerability-cve-2015-0269.html...

4.3CVSS5AI score0.01419EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702