Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/06/25 6:40 a.m.•16 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•16 views

CVE-2018-11408: Open redirect vulnerability on security handlers

More info at https://symfony.com/cve-2018-11408...

6.1CVSS7.2AI score0.01139EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•16 views

Language fallback can be incorrect on multilingual sites with node access restrictions.

More info at https://www.drupal.org/SA-CORE-2018-001...

8.1CVSS7.2AI score0.0131EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/11/22 10:9 a.m.•16 views

Insecure Unserialize in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/11/18 12:17 p.m.•16 views

SS-2016-016: XSS In CMSSecurity BackURL

More info at https://www.silverstripe.org/download/security-releases/ss-2016-016/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/11/16 6:45 p.m.•16 views

Incorrect cache context on password reset page

More info at https://www.drupal.org/SA-CORE-2016-005...

7.5CVSS7.2AI score0.01004EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/21 6:39 p.m.•16 views

Users without "Administer comments" can set comment visibility on nodes they can edit

More info at https://www.drupal.org/SA-CORE-2016-004...

4.3CVSS7.2AI score0.01678EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/21 6:39 p.m.•16 views

Cross-site Scripting in http exceptions

More info at https://www.drupal.org/SA-CORE-2016-004...

6.1CVSS7.2AI score0.01488EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/13 12:17 p.m.•16 views

Cache Flooding in TYPO3 Frontend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/04/08 8:54 a.m.•16 views

Unauthenticated Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1918.html...

10CVSS7.2AI score0.28217EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/10/27 12:30 p.m.•16 views

XSS attack vector in Security Library method xss_clean()

More info at https://www.codeigniter.com/userguide/changelog.htmlversion-3-0-3...

0.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/06/23 3:55 p.m.•16 views

Potential XSS and Open Redirect vectors in zend-diactoros

More info at https://framework.zend.com/security/advisory/ZF2015-05...

6.1CVSS7.2AI score0.00908EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/12/29 1:23 p.m.•16 views

Header injection in NativeMailerHandler

Hopefully attacker controlled data is never used to set the encoding or content type, but just in case, prevent: $nmh = new NativeMailerHandler$to, $subject, $from; $nmh-setEncoding "utf-8\r\nFrom: [email protected]"; Since the injection happened in send, there doesn't seem to be a good way to a...

0.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/10/10 8:30 a.m.•16 views

Possible DOS attack with long user-submitted passwords

More info at https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released...

5CVSS7.2AI score0.01868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

Filter input to avoid XPath injection

In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white lists instead of black lists to allow only a...

2.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

CVE-2024-51996: Authentication Bypass via persisted RememberMe cookie

More info at https://symfony.com/cve-2024-51996...

7.5CVSS6.6AI score0.00633EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

Insecure Random Number Generator

Insecure RNG: https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.phpL167-L181 Insecure RNG fallback: https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.phpL48-L5...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

More info at https://www.drupal.org/sa-core-2021-003...

6.1CVSS7.2AI score0.03189EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

CVE-2024-50345: Open redirect via browser-sanitized URLs

More info at https://symfony.com/cve-2024-50345...

6.1CVSS6.6AI score0.00565EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

9.8CVSS7.2AI score0.55084EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/29 8:0 a.m.•15 views

symfony/ux-live-component Format-less date LiveProps parsed with the permissive DateTime constructor

Description When a LiveProp is typed as a DateTimeInterface and no explicit format is configured, Symfony\UX\LiveComponent\LiveComponentHydrator::hydrateObjectValue falls back to new $className$value. The DateTime / DateTimeImmutable constructors accept relative strings such as "now", "tomorrow",...

6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/29 8:0 a.m.•15 views

symfony/ux-live-component LiveComponentHydrator HMAC checksum lacks component and slot binding

Description In symfony/ux-live-component, a component's server-side state is exposed to the browser as a set of props LiveProp-annotated properties. Props marked writable: true can be freely changed by the client. Read-only props are round-tripped to the browser and back, and their integrity is...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/20 8:0 a.m.•15 views

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/05/18 2:30 p.m.•15 views

TYPO3-EXT-SA-2026-011: XML External Entity Injection in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00301EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/05/19 12:5 p.m.•15 views

symfony/ux-twig-component Unsanitized HTML attribute injection via ComponentAttributes

More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...

6.1CVSS7AI score0.00212EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/05/19 12:5 p.m.•15 views

symfony/ux-live-component Unsanitized HTML attribute injection via ComponentAttributes

More info at https://symfony.com/blog/symfony-ux-cve-2025-47946-unsanitized-html-attribute-injection-via-componentattributes...

6.1CVSS7AI score0.00212EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/04/10 2:37 a.m.•15 views

CVE-2025-25197 - XSS attack in elemental "Content blocks in use" report

More info at https://www.silverstripe.org/download/security-releases/cve-2025-25197...

5.4CVSS7.2AI score0.00284EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/01/14 9:24 p.m.•15 views

CVE-2024-53277 - XSS in form messages

More info at https://www.silverstripe.org/download/security-releases/cve-2024-53277...

5.4CVSS6.8AI score0.00305EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/07/30 11:41 p.m.•15 views

SS-2023-002 - Cross-site scripting (XSS) vulnerabilities inherited form TinyMCE

More info at https://www.silverstripe.org/download/security-releases/SS-2023-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/07/30 11:39 p.m.•15 views

CVE-2023-32302 - Members with no password can be created and bypass custom login forms

More info at https://www.silverstripe.org/download/security-releases/CVE-2023-32302...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/13 1:52 p.m.•15 views

XSS vulnerability in blade templating

More info at https://github.com/laravel/framework/pull/31945...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2406: Cross-Site Scripting via Payment Method Title

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•15 views

PRODSECBUG-2367: Remote code execution due to unsafe handling of a carrier gateway

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01714EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/09/24 4:51 p.m.•15 views

CVE-2019-12203: Session fixation in "change password" form

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12203/...

6.3CVSS7.2AI score0.0038EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•15 views

Arbitrary Code Execution via File List Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-008...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•15 views

Cross-Site Scripting in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-007...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/11 9:55 a.m.•15 views

Information Disclosure in Install Tool

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/11/06 11:52 a.m.•15 views

CVE-2018-19789: Temporary uploaded file path disclosure

More info at https://symfony.com/cve-2018-19789...

5.3CVSS7.2AI score0.03589EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/10/02 12:1 a.m.•15 views

Action case insensitivity

Fix security breach = required role for action was not required for Action nor ACTION. Thanks to [email protected]...

1.7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/12 9:34 a.m.•15 views

Authentication Bypass in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/07/12 9:34 a.m.•15 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/06/28 12:0 a.m.•15 views

Adminer script versions up to 4.6.2 contains file disclosure vulnerability

More info at https://sansec.io/research/adminer-4.6.2-file-disclosure-vulnerability...

0.7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/06 3:40 p.m.•15 views

Potential SQL injection vector

The SelectLimit function has a potential SQLi exploit through the use of the nrows and offset parameters which are not forced to integers. Fixes 400...

4.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/06/22 10:7 a.m.•15 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail2015.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/05/15 9:9 a.m.•15 views

Remote Code Execution

$highlight = Pygmentize::highlight'?php phpinfo;', ';uname -a '; printr$highlight; This will produce the following output: Darwin Micheals-MBP 16.1.0 Darwin Kernel Version 16.1.0: Thu Oct 13 21:26:57 PDT 2016; root:xnu-3789.21.360/RELEASEX8664 x8664 The problem lines appear to be here:...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/10/31 9:0 a.m.•15 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

0.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/09/02 12:48 p.m.•15 views

Potential SQL injection in ORDER and GROUP functions of ZF1

More info at https://framework.zend.com/security/advisory/ZF2016-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 2:30 p.m.•15 views

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

More info at https://framework.zend.com/security/advisory/ZF2015-10...

7.5CVSS7.2AI score0.01356EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/11/23 11:45 a.m.•15 views

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

7.5CVSS7.2AI score0.02545EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/04/29 11:30 a.m.•15 views

SecurityComponent cross form submission issue

More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702