Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2018/01/18 9:14 a.m.•24 views

XSS vulnerabililty in the front end "unsubscribe" module of the newsletter extension

More info at https://contao.org/en/news/contao-3532.html...

6.1CVSS7.2AI score0.00411EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/08/16 5:10 p.m.•24 views

Entity access bypass for entities that do not have UUIDs or have protected revisions.

More info at https://www.drupal.org/SA-CORE-2017-004...

9.8CVSS7.2AI score0.03017EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/07/12 7:10 a.m.•24 views

A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter

More info at https://contao.org/en/news/contao-3528.html...

8.8CVSS7.2AI score0.01962EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•24 views

File upload access bypass and denial of service

More info at https://www.drupal.org/SA-CORE-2016-001...

8.1CVSS7.2AI score0.0159EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•24 views

Brute force amplification attacks via XML-RPC

More info at https://www.drupal.org/SA-CORE-2016-001...

7.5CVSS7.2AI score0.01426EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•24 views

Brute force amplification attacks via XML-RPC

More info at https://www.drupal.org/SA-CORE-2016-001...

7.5CVSS7.2AI score0.01426EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•24 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9CVSS7.2AI score0.01179EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•24 views

Email address can be matched to an account

More info at https://www.drupal.org/SA-CORE-2016-001...

5.3CVSS7.2AI score0.0215EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/10 2:51 p.m.•24 views

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

8.8CVSS7.2AI score0.00697EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/01/14 9:48 a.m.•24 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

7.5CVSS7.2AI score0.01907EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/12/07 12:7 a.m.•24 views

Denial Of Service Vector

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

8.8CVSS7.6AI score0.39374EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/24 12:41 a.m.•24 views

Security Misconfiguration Vulnerability in the AWS SDK for PHP

SECURITY FIX: This release addresses a security issue associated with CVE-2015-5723, specifically, fixes improper default directory umask behavior that could potentially allow unauthorized modifications of PHP code. Thanks to @ryan-lane for the initial report. - Aws\Ec2 - Added support for...

7.8CVSS7.7AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/08/17 7:55 a.m.•24 views

Validation metadata serialization and loss of information

More info at https://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released...

8.1CVSS7.2AI score0.01445EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

PHPMemcachedAdmin Path Traversal vulnerability

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6026...

6.4CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

CVE-2019-10912: Prevent destructors with side-effects from being unserialized

More info at https://symfony.com/cve-2019-10912...

7.1CVSS7.2AI score0.02302EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

CVE-2024-50342: Internal address and port enumeration allowed by NoPrivateNetworkHttpClient

More info at https://symfony.com/cve-2024-50342...

4.3CVSS6.6AI score0.00481EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

CVE-2019-18887: Use constant time comparison in UriSigner

More info at https://symfony.com/cve-2019-18887...

8.1CVSS7.2AI score0.01338EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

8CVSS7.2AI score0.01023EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

5.8CVSS5.1AI score0.00345EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

8CVSS7.2AI score0.0213EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/12/17 8:15 p.m.•23 views

Key Commitment Issues in S3 Encryption Clients

More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...

6CVSS7AI score0.00176EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/01/22 11:19 p.m.•23 views

CVE-2023-44401 View permissions are bypassed for paginated lists of ORM data in GraphQL queries

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-44401...

5.3CVSS7.2AI score0.00419EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/04/17 4:0 p.m.•23 views

Improper Input Validation in headers

Impact Improper header parsing. An attacker could sneak in a newline \n into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. Patches The issue is patched in 1.6.1. Workarounds Ther...

6.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/01 8:0 a.m.•23 views

CVE-2022-24895: Possible CSRF token fixation

More info at https://symfony.com/cve-2022-24895...

8.8CVSS7.2AI score0.0079EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 8:6 a.m.•23 views

TYPO3-CORE-SA-2022-010: Cross-Site Scripting in <f:asset.css> view helper

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-010...

6.5CVSS7.2AI score0.0072EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/27 5:27 a.m.•23 views

CVE-2022-29858: Unpublished, protected files can be published via shortcode

More info at https://www.silverstripe.org/download/security-releases/cve-2022-29858...

4.3CVSS7.2AI score0.01156EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/23 1:55 p.m.•24 views

Server-Side Request Forgery in dompdf/dompdf

Server-Side Request Forgery SSRF in GitHub repository dompdf/dompdf prior to 2.0.0...

5.3CVSS5.2AI score0.00953EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/04/13 2:54 p.m.•23 views

Missing input validation can lead to command execution in composer

The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...

8.8CVSS8.9AI score0.01857EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/02/15 1:54 a.m.•24 views

A cross-site scripting vulnerability

Description Impact SVG sanitizer library before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+xml were not affected. Patches This...

4.3CVSS5.6AI score0.00682EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/23 11:11 a.m.•23 views

CVE-2021-41268: Remember me cookie persistance after password changes

More info at https://symfony.com/cve-2021-41268...

8.8CVSS7.2AI score0.01283EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/09 12:10 p.m.•23 views

CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request

More info at https://symfony.com/cve-2021-41267...

6.5CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/07/20 9:14 a.m.•23 views

TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-009...

6.4CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/07/20 9:14 a.m.•23 views

TYPO3-CORE-SA-2021-009: Cross-Site Scripting in Page Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-009...

6.4CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/12 8:0 a.m.•23 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:59 a.m.•23 views

TYPO3-CORE-SA-2021-004: Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-004...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•23 views

TYPO3-CORE-SA-2021-006: Cleartext storage of session identifier

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-006...

7.5CVSS7.8AI score0.00918EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/28 8:18 a.m.•23 views

TYPO3-CORE-SA-2020-008: Sensitive Information Disclosure

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-008...

8.8CVSS7.2AI score0.02229EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/10 2:57 p.m.•23 views

CVE-2019-19326: Web Cache Poisoning through HTTPRequestBuilder

More info at https://www.silverstripe.org/download/security-releases/cve-2019-19326/...

5.9CVSS7.2AI score0.00758EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:38 a.m.•23 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

6.1CVSS7.2AI score0.00685EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•23 views

PRODSECBUG-2316: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•23 views

PRODSECBUG-2208: Insufficient authorization check when adding users to company accounts

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00897EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•23 views

PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01438EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•23 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•23 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/11 4:34 p.m.•23 views

CVE-2019-12149: Potential SQL injection in restfulserver and registry modules

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12149...

9.8CVSS7.2AI score0.01355EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/04/20 10:8 p.m.•23 views

Unsafe deserialization in SmtpTransport

More info at https://bakery.cakephp.org/2019/04/23/cakephp37736153518released.html...

7.5CVSS7.2AI score0.02002EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702