Lucene search
K
FriendsofphpMost viewed

1708 matches found

Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•53 views

PRODSECBUG-2270: Reflected cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/01 10:15 a.m.•53 views

Multiple CRLF injection vulnerabilities

This release contains an important security update. Security update Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack...

5CVSS9.3AI score0.01988EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•52 views

PRODSECBUG-2416: Using vulnerable component that provides abstraction of HTTP specification

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•52 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/01 7:2 p.m.•52 views

Arbitrary code execution via a crafted email address

More info at https://github.com/zetacomponents/Mail/issues/58...

8.1CVSS7.2AI score0.10652EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/11/13 5:52 p.m.•52 views

RCE vulnerability in phpunit

More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...

7.5CVSS0.5AI score0.99999EPSS
Exploits19Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/13 1:44 p.m.•51 views

Cross-Site Scripting

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-012...

5.4CVSS7.2AI score0.00487EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•51 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/30 12:0 a.m.•50 views

Key/algorithm type confusion

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...

9.1CVSS9.1AI score0.00777EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/15 10:47 a.m.•50 views

CVE-2021-41270: Prevent CSV Injection via formulas

More info at https://symfony.com/cve-2021-41270...

6.5CVSS7.2AI score0.01355EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 9:18 a.m.•50 views

Remote code execution

Hello, as discussed by email, this fixes a serious vulnerability. Hopefully my code is OK-ish...

7.5CVSS9AI score0.99943EPSS
Exploits36Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•50 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•50 views

PRODSECBUG-2299: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•50 views

PRODSECBUG-2321: Filter extension bypass via crafted store configuration keys

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.2CVSS7.2AI score0.01584EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•50 views

PRODSECBUG-2188: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•50 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/26 3:23 p.m.•50 views

EZSA-2017-005 XSS issue in search

More info at http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search...

6.1CVSS6.5AI score0.00679EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/14 1:33 p.m.•50 views

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

More info at https://contao.org/en/news/contao-3515.html...

4.3CVSS6.8AI score0.02214EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/14 6:13 p.m.•50 views

Potential XXE security issue

improved XXE fix CVE-2014-2053...

7.5CVSS8.9AI score0.04681EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•49 views

PRODSECBUG-2475: Remote Code Execution through Cross-Site Request Forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8CVSS7.2AI score0.00854EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•49 views

PRODSECBUG-2132: Insecure Direct Object Reference (IDOR) vulnerability can expose sensitive company details

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.01143EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•49 views

PRODSECBUG-2232: Arbitrary code execution via layout manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

8.8CVSS7.2AI score0.01954EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/15 9:9 a.m.•50 views

Remote Code Execution

$highlight = Pygmentize::highlight'?php phpinfo;', ';uname -a '; printr$highlight; This will produce the following output: Darwin Micheals-MBP 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.360/RELEASEX8664 x8664 The problem lines appear to be here:...

1.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/07/15 3:35 p.m.•49 views

Code injection in the way Symfony implements translation caching in FrameworkBundle

More info at https://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released...

7.2AI score0.0078EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•48 views

PRODSECBUG-2452: User Password is stored in clear

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00726EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•48 views

PRODSECBUG-2447: Using JS libraries with known security vulnerabilities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.01239EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•48 views

PRODSECBUG-2193: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•48 views

PRODSECBUG-2186: Insecure Direct Object Reference (IDOR) vulnerability can expose order details

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

5.3CVSS7.2AI score0.0088EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•48 views

PRODSECBUG-2127: Disclosure of Magento admin panel URL

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•48 views

PRODSECBUG-2346: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/20 10:16 p.m.•47 views

CURLOPT_HTTPAUTH option not cleared on change of origin

Impact Authorization headers on requests are sensitive information. When using our Curl handler, it is possible to use the CURLOPTHTTPAUTH option to specify an Authorization header. On making a request which responds with a redirect to a URI with a different origin, if we choose to follow it, we...

7.7CVSS7.3AI score0.03425EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/02 8:0 a.m.•47 views

CVE-2020-15094: Prevent RCE when calling untrusted remote with CachingHttpClient

More info at https://symfony.com/cve-2020-15094...

8.8CVSS7.2AI score0.03043EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•47 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•47 views

PRODSECBUG-2300: Information about disabled products can be leaked due to inadequate validation checks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•47 views

PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.02413EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•47 views

Deserialization of Untrusted Data

This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation...

10CVSS9.6AI score0.02714EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/05/20 12:7 a.m.•46 views

TYPO3-EXT-SA-2025-008: Multiple vulnerabilities in extension "Front End User Registration" (sr_feuser_register)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-008...

10CVSS7.2AI score0.00598EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/06/04 4:23 p.m.•46 views

Unsafe Reflection in base Component class

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

9.1CVSS8.9AI score0.7939EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/11/30 12:40 p.m.•46 views

Test code in published microsoft-graph-core package exposes phpinfo()

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-49283...

5.4CVSS7.2AI score0.02203EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/04/25 9:11 a.m.•46 views

Directory traversal vulnerability in the file manager

More info at https://contao.org/en/security-advisories/directory-traversal-in-the-file-manager.html...

6.5CVSS7.2AI score0.00797EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/02/26 12:51 a.m.•46 views

CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4

Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code as these after upgrading to v4.1.9. Otherwise, the CSRF...

8.8CVSS7.5AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•46 views

PRODSECBUG-2414: Remote code execution through custom layout update of the content management functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•46 views

PRODSECBUG-2317: Stored cross-site scripting in admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•46 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•46 views

PRODSECBUG-2296: Arbitrary code execution through design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01921EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/20 7:59 p.m.•46 views

1.31.0 tarball is missing .htaccess files

More info at https://phabricator.wikimedia.org/T199029...

5.3CVSS7.2AI score0.02056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•46 views

PHP file inclusion via insert tags

More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...

7.2CVSS7.2AI score0.01254EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/16 4:20 p.m.•45 views

RCE affecting Windows hosts via UNC paths to translation files

This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...

8.1CVSS8AI score0.02803EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/12 7:47 p.m.•45 views

HTTP Proxy header vulnerability

Bugfixes Mitigate HTTPoxy vulnerability 23...

8.1CVSS6.4AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•45 views

Critical - Arbitrary PHP code execution

More info at https://www.drupal.org/sa-core-2019-002...

9.8CVSS7.2AI score0.33228EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1708