Friendsofphp - Page 21 of Friendsofphp Most Viewed Vulnerabilities List

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS

Exploits1Affected Software1

Friends Of PHP•added 1970/01/01 12:0 a.m.•16 views

Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

More info at https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox...

2.2CVSS5.9AI score0.00414EPSS

Exploits0Affected Software1

Friends Of PHP•added 1970/01/01 12:0 a.m.•16 views

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

3.1CVSS6.6AI score0.00318EPSS

Exploits0Affected Software1

Friends Of PHP•added 2026/02/08 10:45 p.m.•15 views

Denial of Service via "MadeYouReset" vulnerability

Versions of amphp/http-server prior to 3.4.4 for the 3.x release branch and prior to 2.1.10 for the 2.x release branch are vulnerable to the HTTP/2 "MadeYouReset" DoS attack described by CVE-2025-8671 and https://kb.cert.org/vuls/id/767506. In versions 3.4.4 and 2.1.10, stream reset protection ha...

7.5CVSS5.4AI score0.04604EPSS

Exploits3Affected Software1

Friends Of PHP•added 2025/12/17 8:15 p.m.•15 views

Key Commitment Issues in S3 Encryption Clients

More info at https://aws.amazon.com/security/security-bulletins/AWS-2025-032/...

6CVSS7AI score0.00176EPSS

Exploits0Affected Software1

Friends Of PHP•added 2025/05/20 8:59 a.m.•15 views

TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-005...

6.4CVSS7.2AI score0.00196EPSS

Exploits0Affected Software1

Friends Of PHP•added 2025/01/27 6:56 p.m.•15 views

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-001...

4.2CVSS7.2AI score0.00168EPSS

Exploits0Affected Software1

Friends Of PHP•added 2024/05/01 11:33 a.m.•15 views

Insecure HTTPS Connections due to Missing Default Certificate Validation

More info at https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb...

7.2AI score

Exploits0Affected Software1

Friends Of PHP•added 2024/04/02 8:3 a.m.•15 views

TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-002...

7.2AI score0.00434EPSS

Exploits0Affected Software1

Friends Of PHP•added 2021/11/21 12:0 a.m.•15 views

CVE-2022-37421 - Stored XSS in custom meta tags

More info at https://www.silverstripe.org/download/security-releases/cve-2022-37421...

5.4CVSS7.2AI score0.00529EPSS

Exploits0Affected Software1

Friends Of PHP•added 2020/07/25 11:16 a.m.•15 views

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

5CVSS5.8AI score0.00966EPSS

Exploits0Affected Software1

Friends Of PHP•added 2020/02/20 3:55 p.m.•15 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2AI score

Exploits0Affected Software1

Friends Of PHP•added 2020/01/21 3:10 p.m.•15 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7AI score

Exploits0Affected Software1

Friends Of PHP•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass