Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2019/04/09 12:21 p.m.21 views

The CSRF token check can be bypassed

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...

8.8CVSS7.2AI score0.00499EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/09/20 6:59 p.m.21 views

BotPassword can bypass CentralAuth's account lock

More info at https://phabricator.wikimedia.org/T194605...

6.5CVSS6.7AI score0.01932EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 11:46 a.m.21 views

CVE-2018-11406: CSRF Token Fixation

More info at https://symfony.com/cve-2018-11406...

8.8CVSS7.2AI score0.00761EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/25 11:46 a.m.21 views

CVE-2018-11406: CSRF Token Fixation

More info at https://symfony.com/cve-2018-11406...

8.8CVSS7.2AI score0.00761EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/20 9:35 p.m.21 views

Settings Tray access bypass.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.5CVSS7.2AI score0.0109EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/01/16 10:51 a.m.21 views

Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air.

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

6.8CVSS7.7AI score0.01335EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/08/25 11:35 a.m.21 views

Cross Site Scripting (XSS) in the consentAdmin module

More info at https://simplesamlphp.org/security/201709-01...

6.1CVSS7.2AI score0.01223EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/07/17 10:54 a.m.21 views

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

9.8CVSS7.2AI score0.01855EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/07/17 10:54 a.m.21 views

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

9.8CVSS7.2AI score0.01855EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.21 views

File REST resource does not properly validate

More info at https://www.drupal.org/SA-CORE-2017-003...

5.9CVSS7.2AI score0.01834EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.21 views

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

More info at https://www.drupal.org/SA-CORE-2017-003...

6.5CVSS7.2AI score0.01947EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/06/21 6:13 p.m.21 views

PECL YAML parser unsafe object handling

More info at https://www.drupal.org/SA-CORE-2017-003...

9.8CVSS7.2AI score0.20482EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/15 8:19 p.m.21 views

Remote code execution

More info at https://www.drupal.org/SA-2017-001...

8.1CVSS7.2AI score0.03901EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/02/26 10:15 p.m.21 views

Arbitrary shell execution

Security Advisory This release contains a fix for a security advisory related to the improper handling of shell commands Uses of shellexec and exec were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary co...

0.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/02/01 10:45 a.m.21 views

Remote Code Execution in Qquoteadv/controllers/DownloadController.php

More info at https://cart2quote.zendesk.com/hc/en-us/articles/115000616303--FIXED-Security-Vulnerability-in-downloadCustomOptionAction...

0.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/09/21 6:39 p.m.21 views

Cross-site Scripting in http exceptions

More info at https://www.drupal.org/SA-CORE-2016-004...

6.1CVSS7.2AI score0.01488EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/06/15 8:59 p.m.21 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-002...

8.8CVSS7.2AI score0.02531EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.21 views

HTTP header injection using line breaks

More info at https://www.drupal.org/SA-CORE-2016-001...

5.9CVSS7.2AI score0.01179EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.21 views

Reflected file download vulnerability

More info at https://www.drupal.org/SA-CORE-2016-001...

8.5CVSS7.2AI score0.02483EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/15 6:57 p.m.21 views

Session data truncation can lead to unserialization of user provided data

More info at https://www.drupal.org/SA-CORE-2016-001...

8.1CVSS7.2AI score0.0319EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/08/31 12:37 p.m.21 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/26 11:55 p.m.21 views

CVE-2015-4050: ESI unauthorized access

More info at https://symfony.com/cve-2015-4050...

4.3CVSS7.2AI score0.08269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/04/01 6:55 p.m.21 views

Unsafe methods in the Request class

More info at https://symfony.com/cve-2015-2309...

7.2AI score0.00785EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/04/01 6:8 p.m.21 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/03/01 9:13 a.m.21 views

PHP object injection attack vulnerability in Slim.

https://github.com/slimphp/Slim/blob/master/Slim/Middleware/SessionCookie.phpL127 Generally, it's a bad idea to blindly unserialize user-controllable input. https://www.owasp.org/index.php/PHPObjectInjection EDIT - for people who don't want to read the whole thread: The SessionCookie class is not...

7.5CVSS6AI score0.02497EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/09/16 10:0 p.m.21 views

Anonymous authentication in ldap_bind() function of PHP, using null byte

More info at https://framework.zend.com/security/advisory/ZF2014-05...

5CVSS7.2AI score0.02495EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/09/03 7:38 a.m.21 views

Security issue when parsing the Authorization header

More info at https://symfony.com/cve-2014-6061...

7.2AI score0.00956EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/03/10 9:57 p.m.21 views

Arbitrary file read in dompdf

More info at https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2383/...

6.8CVSS7.2AI score0.39374EPSS
Exploits6Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/12/10 11:47 a.m.21 views

Cross-Site Scripting in TYPO3 Flow

More info at https://www.neos.io/blog/flow-sa-2013-001.html...

4.3CVSS7.2AI score0.01187EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/12/10 11:47 a.m.21 views

Cross-Site Scripting in TYPO3 Flow

More info at https://www.neos.io/blog/flow-sa-2013-001.html...

4.3CVSS7.2AI score0.01187EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/03/19 3:59 p.m.21 views

Routes behind a firewall are accessible even when not logged in

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.4CVSS7.2AI score0.01876EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

8CVSS7.2AI score0.01023EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

9.8CVSS7.2AI score0.01275EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

6.1CVSS5.8AI score0.00799EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1CVSS7.2AI score0.00959EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

More info at https://www.drupal.org/sa-core-2020-005...

9.3CVSS7.2AI score0.02978EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

6.1CVSS7.2AI score0.00643EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch

More info at https://symfony.com/cve-2026-46626...

7.3CVSS5.8AI score0.63422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.20 views

symfony/ux-live-component CSRF Protection Bypass: Accept Header is CORS-Safelisted

Description When using symfony/ux-live-component, methods annotated with LiveAction are invokable from the browser and mutate server-side state via AJAX. Symfony\UX\LiveComponent\EventListener\LiveComponentSubscriber::isLiveComponentRequest gated these invocations on the presence of Accept:...

5.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/29 8:0 a.m.20 views

symfony/ux-autocomplete XSS via unescaped AJAX response data

Description The Stimulus controller shipped with symfony/ux-autocomplete renders AJAX response items into the dropdown by interpolating the text field directly into HTML template literals $itemlabelField inside createAutocompleteWithRemoteData. The value is parsed as HTML rather than text, so any...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/04/14 9:42 a.m.20 views

Command injection via malicious Perforce repository definition

Impact The Perforce::generateP4Command method constructed shell commands by interpolating user-supplied Perforce connection parameters port, user, client without proper escaping. An attacker controlling a repository configuration in a malicious composer.json declaring a Perforce VCS repository...

7.8CVSS6.4AI score0.01065EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
added 2024/12/13 3:51 p.m.20 views

Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page

Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page Vulnerability Overview The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. Identifier :...

8CVSS5.5AI score0.00509EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/10/04 9:43 a.m.20 views

TYPO3-EXT-SA-2023-008: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-008...

7.2AI score0.01077EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/07/20 10:11 a.m.20 views

Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013

More info at https://www.drupal.org/sa-core-2022-013...

6.5CVSS7.2AI score0.0059EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/14 10:59 a.m.20 views

TYPO3-EXT-SA-2022-014: SQL Injection in extension "LUX - TYPO3 Marketing Automation" (lux)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-014...

9.8CVSS7.2AI score0.26299EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/06/14 7:11 a.m.20 views

TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...

4.3CVSS7.2AI score0.00585EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/07/20 9:14 a.m.20 views

TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-011...

6.4CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/05/12 8:0 a.m.20 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702