Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.22 views

PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01438EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/30 8:55 p.m.22 views

Forbid blocking IP ranges as big as /1 and /2, as done on ruwikiquote using the API

More info at https://phabricator.wikimedia.org/T199540...

7.5CVSS7.2AI score0.01362EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/07 6:59 a.m.22 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

4.3CVSS6.2AI score0.00966EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/06 2:40 p.m.22 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/04/09 10:24 a.m.22 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/11/06 11:52 a.m.22 views

CVE-2018-19790: Open Redirect Vulnerability on login

More info at https://symfony.com/cve-2018-19790...

6.1CVSS7.2AI score0.01485EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 11:46 a.m.22 views

CVE-2018-11385: Session Fixation Issue for Guard Authentication

More info at https://symfony.com/cve-2018-11385...

8.1CVSS7.2AI score0.02014EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/20 9:35 p.m.22 views

Comment reply form allows access to restricted content.

More info at https://www.drupal.org/SA-CORE-2018-001...

8.1CVSS7.2AI score0.0123EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/11/01 7:2 p.m.22 views

Arbitrary code execution via a crafted email address

More info at https://github.com/zetacomponents/Mail/issues/58...

6.8CVSS7.8AI score0.10652EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/08/16 5:10 p.m.22 views

Entity access bypass for entities that do not have UUIDs or have protected revisions.

More info at https://www.drupal.org/SA-CORE-2017-004...

9.8CVSS7.2AI score0.03017EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/07/12 9:9 a.m.22 views

A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter

More info at https://contao.org/en/news/contao-441.html...

8.8CVSS7.2AI score0.01962EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.22 views

File REST resource does not properly validate

More info at https://www.drupal.org/SA-CORE-2017-003...

5.9CVSS7.2AI score0.01834EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/15 8:19 p.m.22 views

Some admin paths were not protected with a CSRF token

More info at https://www.drupal.org/SA-2017-001...

7.5CVSS7.2AI score0.0078EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/09/21 6:39 p.m.22 views

Full config export can be downloaded without administrative permissions

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3CVSS7.2AI score0.01716EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/10 2:51 p.m.22 views

Composer Cache Injection vulnerability

More info at http://flyingmana.de/blogen/2016/02/14/composercacheinjectionvulnerabilitycve20158371.html...

6.8CVSS0.6AI score0.00697EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/01/14 9:48 a.m.22 views

CVE-2016-1902: SecureRandom's fallback not secure when OpenSSL fails

More info at https://symfony.com/cve-2016-1902...

7.5CVSS7.2AI score0.01907EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/12/14 6:22 p.m.22 views

Remote Code Execution Vulnerability

More info at https://developer.joomla.org/security-centre/637-20151205-session-remote-code-execution-vulnerability.html...

7.5CVSS7.2AI score0.08455EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/12/07 12:7 a.m.22 views

Information Disclosure

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

8.8CVSS7.6AI score0.39374EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/15 6:52 p.m.22 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/31 12:36 p.m.22 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/07/10 6:12 p.m.22 views

class yii\web\ViewAction allowed to include arbitrary files that end with .php

More info at https://www.yiiframework.com/news/87/yii-2-0-5-is-released-security-fix/...

9.8CVSS7.2AI score0.0074EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/03/19 3:59 p.m.22 views

Routes behind a firewall are accessible even when not logged in

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.4CVSS7.2AI score0.01876EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

4.3CVSS6.1AI score0.01244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Remote Code Execution via Chosen-Ciphertext Attack

framework/src/Titon/Crypto/OpenSslCipher.hh Lines 30 to 39 in cbf4472 public function decryptstring $payload: mixed $payload = $this-decodePayload$payload; $method = $this-getMethod; $value = openssldecrypthex2bin$payload'data', $method, $this-getKey, OPENSSLRAWDATA, hex2bin$payload'iv'; if $valu...

1.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Cross-site scripting (XSS) vulnerability in the system log

More info at https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html...

6.1CVSS7.2AI score0.0074EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Cross site scripting via HTML attributes in the back end

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

8CVSS7.2AI score0.0213EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/26 8:0 a.m.21 views

CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

More info at https://symfony.com/cve-2026-46644...

5.8AI score0.00137EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/01/29 6:52 a.m.21 views

Missing output escaping for the null coalesce operator

More info at https://symfony.com/blog/twig-cve-2025-24374-missing-output-escaping-for-the-null-coalesce-operator...

4.3CVSS4.6AI score0.00282EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/07/17 12:24 a.m.21 views

SS-2024-001 - TinyMCE allows svg files linked in object tags

More info at https://www.silverstripe.org/download/security-releases/ss-2024-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/12/12 8:52 p.m.21 views

TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-011...

6.8AI score0.01517EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:19 a.m.21 views

TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-016...

5.7CVSS7.2AI score0.00514EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:19 a.m.21 views

TYPO3-CORE-SA-2022-014: Insufficient Session Expiration after Password Reset

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-014...

5.4CVSS7.2AI score0.004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/13 9:18 a.m.21 views

TYPO3-CORE-SA-2022-013: Weak Authentication in Frontend Login

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-013...

6.5CVSS7.2AI score0.00479EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/09/22 1:54 p.m.21 views

Remote file inclusion

registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule...

7.5CVSS7.5AI score0.04173EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/07/20 6:0 p.m.21 views

Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

More info at https://www.drupal.org/sa-core-2022-012...

7.5CVSS7.2AI score0.00667EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/27 5:27 a.m.21 views

CVE-2022-24444: Hybridsessions does not expire session id on logout

More info at https://www.silverstripe.org/download/security-releases/cve-2022-24444...

6.5CVSS7.2AI score0.00834EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/01/21 6:21 a.m.21 views

Possible RCE when rendering untrusted user templates

Fix CVE-2022-0323, possible RCE when rendering untrusted user templates, reported by @altm4n via huntr.dev - Improve compatibility with PHP 8.1...

8.8CVSS8.6AI score0.00691EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/01/10 12:1 a.m.21 views

Sandbox Escape by math function

Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...

8.8CVSS8.8AI score0.01927EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/06/07 10:31 p.m.21 views

CVE-2020-26136 GraphQL doesn't honour MFA when using basic auth

More info at https://www.silverstripe.org/download/security-releases/cve-2020-26136...

6.5CVSS7.2AI score0.01157EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/05 4:2 p.m.21 views

Possible to circumvent title-blacklist

More info at https://phabricator.wikimedia.org/T239466...

6.1CVSS7.2AI score0.01564EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/30 8:55 p.m.21 views

Exposed suppressed log in RevisionDelete page

More info at https://phabricator.wikimedia.org/T222038...

6.5CVSS7.2AI score0.01382EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/07 6:59 a.m.21 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1CVSS7.2AI score0.00966EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/06 2:40 p.m.21 views

By-passing Protection of PharStreamWrapper Interceptor

More info at https://typo3.org/security/advisory/typo3-psa-2019-008...

9.8CVSS7.2AI score0.02675EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/04/09 12:21 p.m.21 views

The CSRF token check can be bypassed

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...

8.8CVSS7.2AI score0.00499EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702