Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2020/09/24 1:38 a.m.•20 views

Unescaped message used in HTML within LogEventsList

More info at https://phabricator.wikimedia.org/T256171...

6.1CVSS7.2AI score0.01104EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•20 views

TYPO3-CORE-SA-2020-006: Same-Site Request Forgery to Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-006...

8.8CVSS7.2AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•20 views

CVE-2020-5255: Prevent cache poisoning via a Response Content-Type header

More info at https://symfony.com/cve-2020-5255...

4.3CVSS7.2AI score0.01297EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/13 8:0 a.m.•20 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•20 views

Direct POST to Special:ChangeEmail will bypass reauth check

More info at https://phabricator.wikimedia.org/T197279...

9.8CVSS7.2AI score0.03427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•20 views

Need to make a limit of count of attempts to change email address

More info at https://phabricator.wikimedia.org/T209794...

5.3CVSS7.2AI score0.01263EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/04/16 3:19 p.m.•20 views

Fixed being bypassable of CVE-2019-6257 SSRF.

Changes form previous version All previous changes is here. - js:core Fixed 2863 cssAutoLoad Array option is not working - js:core Fixed 2862 stop autoSync when browser tab turn to background - cmd:search Fixed 2867 support incremental search other than filename - VD:abstract Fixed 2873 correct...

7.7CVSS7.4AI score0.01098EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/20 6:59 p.m.•20 views

$wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'

More info at https://phabricator.wikimedia.org/T169545...

4.3CVSS5AI score0.0153EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/02 2:30 p.m.•20 views

Incorrect signature validation

More info at https://simplesamlphp.org/security/201803-01...

8.1CVSS7.2AI score0.01202EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•20 views

Settings Tray access bypass.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.5CVSS7.2AI score0.0109EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/01/13 11:13 p.m.•20 views

The switchIdentity() function in yii\web\User did not regenerate the CSRF token upon a change of identity

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

8.8CVSS7.2AI score0.00592EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/08/16 5:10 p.m.•20 views

Views does not properly restrict access to the Ajax endpoint.

More info at https://www.drupal.org/SA-CORE-2017-004...

6.5CVSS7.2AI score0.01628EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/06/21 6:13 p.m.•20 views

Files uploaded by anonymous users into a private file system can be accessed by other anonymous users

More info at https://www.drupal.org/SA-CORE-2017-003...

6.5CVSS7.2AI score0.01947EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/19 1:3 p.m.•20 views

Environment Variable Injection

More info at https://typo3.org/security/advisory/typo3-core-sa-2016-019...

8.1CVSS9.7AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/06/15 8:59 p.m.•20 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-002...

8.8CVSS7.2AI score0.02531EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/02/15 6:57 p.m.•20 views

Saving user accounts can sometimes grant the user all roles

More info at https://www.drupal.org/SA-CORE-2016-001...

8.1CVSS7.2AI score0.02221EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 11:45 a.m.•20 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

7.5CVSS7.2AI score0.02545EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/31 1:34 p.m.•20 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/07 8:16 a.m.•20 views

Potential CRLF injection attacks in mail and HTTP headers

More info at https://framework.zend.com/security/advisory/ZF2015-04...

6.1CVSS7.2AI score0.01009EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/01/08 2:18 p.m.•20 views

XSS vulnerability in login redirect param

Security advisory: XSS vulnerability in login redirect param ZfcUser version 1.2.2 has been released and includes a security for this vulnerability. Fix has been applied in @baf0e460 Affected versions All versions below 1.2.2 are affected. dev-master is fixed starting from @2cc167a Exploits Becau...

4.3CVSS5.6AI score0.01892EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/10/22 9:14 a.m.•20 views

Denial of Service in OpenID System Extension

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-002...

7.5CVSS7.2AI score0.02997EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/01/15 9:21 p.m.•20 views

Ability to enable/disable object support in YAML parsing and dumping

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...

7.5CVSS6.7AI score0.01619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2010/06/01 12:0 a.m.•20 views

XSS vulnerability exploitable on Internet Explorer

More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...

4.3CVSS7.2AI score0.02008EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

SQL injection vulnerabililty in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

9.8CVSS7.2AI score0.01462EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

More info at https://symfony.com/cve-2024-51996...

7.5CVSS6.6AI score0.00633EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

TOTP throttle not enforced cross-wiki

More info at https://phabricator.wikimedia.org/T251661...

7.5CVSS7.2AI score0.01752EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

More info at https://www.drupal.org/sa-core-2020-005...

9.3CVSS7.2AI score0.02978EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

CVE-2024-50343: Incorrect response from Validator when input ends with ` `

More info at https://symfony.com/cve-2024-50343...

3.1CVSS6.6AI score0.00465EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/26 8:0 a.m.•19 views

CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence

More info at https://symfony.com/cve-2026-46644...

5.8AI score0.00137EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/20 8:0 a.m.•19 views

Arbitrary PHP code execution via `_self.(<string>)` macro-reference compilation

More info at https://symfony.com/cve-2026-46640...

5.8AI score0.00056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/18 4:40 p.m.•19 views

TYPO3-EXT-SA-2026-009: Broken Access Control in extension "Frontend User Registration" (sf_register)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-009...

6.9CVSS5.8AI score0.00352EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/04/20 7:0 p.m.•19 views

Cross-site scripting (XSS) via script break-out in toScript() output

What's Changed Escape HTML tags in toScript output to prevent script break-out by @freekmurze in https://github.com/spatie/schema-org/pull/242 Values containing passed as schema properties could break out of the generated block and execute injected HTML when the value was attacker-controlled...

5.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/07/17 12:24 a.m.•19 views

CVE-2024-29885 - Reports are still accessible even when canView is set to false

More info at https://www.silverstripe.org/download/security-releases/cve-2024-29885...

4.3CVSS6.8AI score0.00404EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•19 views

CVE-2022-37429 - Stored XSS using HTMLEditor

More info at https://www.silverstripe.org/download/security-releases/cve-2022-37429...

5.4CVSS7.2AI score0.00473EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/22 7:30 p.m.•19 views

$this->validate() returns all properties, not just validated ones

IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...

2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/04 2:50 p.m.•19 views

Insecure default secret key and IV allowing anyone to decrypt values

This issue has been deleted...

2.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•19 views

PRODSECBUG-2423: Cross-Site Scripting via inventory source

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•19 views

CVE-2019-14272: XSS in file titles managed through the CMS

More info at https://www.silverstripe.org/download/security-releases/cve-2019-14272/...

5.4CVSS7.2AI score0.00725EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/11 4:34 p.m.•19 views

CVE-2019-12437: Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12437...

8.8CVSS7.2AI score0.00742EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/11 4:34 p.m.•19 views

CVE-2019-12246: Denial of Service on flush and development URL tools

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12246...

4.3CVSS7.2AI score0.00697EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:33 a.m.•19 views

Cross-Site Scripting in Fluid Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-013...

6.1CVSS7.2AI score0.00966EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/01/15 5:30 p.m.•19 views

CVE-2019-1000011: Access control bypass in GraphQL mutations

Q A Bug fix? yes New feature? no BC breaks? no Deprecations? no Tests pass? yes Fixed tickets 2364 License MIT Doc PR This prevents passing IRIs belonging to different resource classes, which would bypass access control in some instances see 2364...

5.5CVSS6.3AI score0.01024EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/20 5:24 a.m.•19 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/09/14 3:26 p.m.•19 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Total number of security vulnerabilities1702