Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2015/08/06 10:8 p.m.•18 views

Direct access of prefixed controller actions

More info at https://bakery.cakephp.org/2015/08/06/cakephp2592610272released.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:37 a.m.•18 views

Denial of service with a malicious HTTP Host header

More info at https://symfony.com/cve-2014-5244...

7.2AI score0.01663EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/12/19 9:59 a.m.•18 views

Code execution vulnerability via the "internal" routes

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.8CVSS7.2AI score0.01173EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2010/06/01 12:0 a.m.•18 views

XSS vulnerability exploitable on Internet Explorer

More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...

4.3CVSS6.4AI score0.02008EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

7.5CVSS9AI score0.55084EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes

More info at https://symfony.com/cve-2026-48489...

5.8AI score0.00058EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

CVE-2019-12186: XSS injection in the Grid component

More info at https://sylius.com/blog/cve-2019-12186/...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

CVE-2024-50341: Security::login does not take into account custom user_checker

More info at https://symfony.com/cve-2024-50341...

3.1CVSS6.6AI score0.00318EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/05/20 8:59 a.m.•17 views

TYPO3-EXT-SA-2025-005: Cross-Site Scripting in extension "[clickstorm] SEO" (cs_seo)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-005...

6.4CVSS7.2AI score0.00196EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/04/24 12:0 a.m.•17 views

Cryptographic side-channels in PHPECC

ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...

6.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/04/02 8:3 a.m.•17 views

TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2024-002...

7.2AI score0.00434EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/03/06 9:20 a.m.•17 views

Infinite Loop vulnerability

Math/PrimeField.php in phpseclib has an infinite loop with composite primefields. This vulnerability was introduced in version 3.0.0, and has been patched in 3.0.19. The CVE for this issue originally identified the the vulnerable version as 2.x, however, the vulnerable functionality was not...

7.5CVSS7.3AI score0.00815EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/20 1:37 p.m.•17 views

Drupal core - Moderately critical - Open Redirect - SA-CORE-2020-003

More info at https://www.drupal.org/sa-core-2020-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/06 11:44 a.m.•17 views

Critical signature bypass

More info at https://simplesamlphp.org/security/201911-01...

8.8CVSS7.2AI score0.03024EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 5:1 p.m.•17 views

CVE-2019-12617: Access escalation for CMS users with limited access through permission cache pollution

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12617/...

4CVSS7.2AI score0.00855EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/07 9:42 a.m.•17 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/14 12:44 p.m.•17 views

Denial of service

Make the world a bit safer...

2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/18 4:24 a.m.•17 views

Arbitrary shell execution

Security Advisory - This release contains a fix for a security advisory related to the improper handling of a shell command - A properly crafted filename would allow for arbitrary code execution when using the --filter=gitmodified command line option - All version 3 users are encouraged to upgrad...

7.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/04/19 4:7 p.m.•17 views

Access bypass

More info at https://www.drupal.org/SA-2017-002...

7.5CVSS7.2AI score0.01606EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/03/15 8:19 p.m.•17 views

Editor module incorrectly checks access to inline private files

More info at https://www.drupal.org/SA-2017-001...

7.5CVSS7.2AI score0.01891EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/19 1:3 p.m.•17 views

Cross-Site Scripting in third party library mso/idna-convert

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 11:45 a.m.•17 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

More info at https://symfony.com/cve-2015-8124...

6.8CVSS7.2AI score0.02712EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/09/15 3:50 p.m.•17 views

Filesystem Permissions Issues in Multiple Components

More info at https://framework.zend.com/security/advisory/ZF2015-07...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/31 2:47 p.m.•17 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/31 2:34 p.m.•17 views

Security Misconfiguration Vulnerability in various Doctrine projects

More info at https://www.doctrine-project.org/2015/08/31/securitymisconfigurationvulnerabilityinvariousdoctrineprojects.html...

7.8CVSS7.2AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/08 1:47 p.m.•17 views

Forced Redirect to External Website

More info at https://www.orocrm.com/blog/news/orocrm-security-announcement...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/10 3:58 a.m.•17 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/01/16 6:44 a.m.•17 views

XSS vulnerability in login redirect param

Security advisory: XSS vulnerability in login redirect param ScnSocialAuth version 1.15.2 has been released and includes a security for this vulnerability. Fix has been applied in https://github.com/SocalNick/ScnSocialAuth/commit/4a00966c41bc37251586d007564c5c891eba3700 Affected versions All...

6.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/04/08 1:16 p.m.•17 views

Vulnerability in the filesystem loader

More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...

0.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/03/19 3:59 p.m.•17 views

Routes behind a firewall are accessible even when not logged in

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.4CVSS7.2AI score0.01876EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012

More info at https://www.drupal.org/sa-core-2019-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

PHP Code Injection

phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...

7.5CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

Unguarded calls to __isset() and to array-accesses when the sandbox is enabled

More info at https://symfony.com/blog/cve-2024-51755-unguarded-calls-to-isset-and-to-array-accesses-in-a-sandbox...

2.2CVSS5.9AI score0.00414EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

`{% sandbox %}{% include %}` skips checkSecurity() on cached templates (incomplete fix for CVE-2024-45411)

More info at https://symfony.com/cve-2026-46638...

8.6CVSS5.8AI score0.00826EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

Moderately critical - Cross Site Scripting - SA-CORE-2019-004

More info at https://www.drupal.org/SA-CORE-2019-004...

5.4CVSS7.2AI score0.12408EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/29 8:0 a.m.•16 views

symfony/ux-live-component Denial of service via unbounded batch action requests

Description Symfony\UX\LiveComponent\Controller\BatchActionController::invoke iterates over the client-supplied actions array and issues a full HttpKernel sub-request for each entry event subscribers, validators, Doctrine, rendering. The array size is never bounded, so an authenticated client can...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/29 8:0 a.m.•16 views

symfony/ux-autocomplete Information exposure via unescaped LIKE wildcards in EntitySearchUtil

Description Symfony\UX\Autocomplete\Doctrine\EntitySearchUtil::addSearchClause builds the LIKE expression used by the autocomplete endpoint by wrapping the client-supplied query in %...% without escaping the SQL LIKE wildcards %, , . The value is passed as a bound parameter, so this is not SQL...

5.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/04/10 2:37 a.m.•16 views

SS-2025-001 - User enumeration via timing attack

More info at https://www.silverstripe.org/download/security-releases/ss-2025-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/01/27 6:56 p.m.•16 views

TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-001...

4.2CVSS7.2AI score0.00168EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/01/14 9:24 p.m.•16 views

CVE-2024-47605 - XSS via insert media remote file oembed

More info at https://www.silverstripe.org/download/security-releases/cve-2024-47605...

5.4CVSS6.8AI score0.01108EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/05/01 11:33 a.m.•16 views

Insecure HTTPS Connections due to Missing Default Certificate Validation

More info at https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/07/21 7:9 p.m.•16 views

Cross-site Scripting in Semantic MediaWiki

More info at https://nvd.nist.gov/vuln/detail/CVE-2022-48614...

6.1CVSS7.2AI score0.00422EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•16 views

CVE-2022-37421 - Stored XSS in custom meta tags

More info at https://www.silverstripe.org/download/security-releases/cve-2022-37421...

5.4CVSS7.2AI score0.00529EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/25 11:16 a.m.•16 views

Vulnerability which allows remote image dimensions check to be used to SSRF

More info at https://www.phpbb.com/community/viewtopic.php?f=14&t=2562636...

5CVSS5.8AI score0.00966EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/20 3:55 p.m.•16 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/21 3:10 p.m.•16 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/19 2:0 a.m.•16 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents openbasedir in the requestinithook. If you rely on the openbasedir INI directive, we highly recommended you upgrade to 0.30.2. Fixed Shutdown span flushing blocking the process when forked 493 Memory access errors in cases when PHP code was run after extension...

0.4AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/07/08 12:27 p.m.•16 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7 the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively by-passing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

4.5AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702