Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.15 views

Potential XSS vector in multiple view helpers

More info at https://framework.zend.com/security/advisory/ZF2014-03...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/11/28 10:4 a.m.15 views

code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument

security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...

7.3AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2010/01/08 5:31 p.m.15 views

Potential XSS vector in Zend_Service_ReCaptcha_MailHide

More info at https://framework.zend.com/security/advisory/ZF2010-05...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade

More info at https://symfony.com/cve-2026-48747...

5.8AI score0.00018EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content

More info at https://symfony.com/cve-2026-48761...

5.8AI score0.00051EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

CVE-2024-50345: Open redirect via browser-sanitized URLs

More info at https://symfony.com/cve-2024-50345...

6.1CVSS6.6AI score0.00565EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points

More info at https://symfony.com/cve-2026-47732...

5.8AI score0.00044EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

CVE-2026-45064: HtmlSanitizer URL Attributes Pass Through BiDi Override Characters → Visual href Spoofing

More info at https://symfony.com/cve-2026-45064...

5.8AI score0.00069EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

XSS in various backend modules

More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...

5.4CVSS7.2AI score0.00564EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/04/27 8:30 p.m.14 views

Remote code execution via evaluation of user-controlled input in validation rules

Impact A remote code execution RCE vulnerability affects versions 0.13.2 through 0.13.21. When documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may be evaluated during documentation generation, leading to execution of...

6.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/04/10 2:37 a.m.14 views

CVE-2025-30148 - XSS vulnerability in HTML editor

More info at https://www.silverstripe.org/download/security-releases/cve-2025-30148...

5.4CVSS6.7AI score0.00268EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/04/03 3:3 p.m.14 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS6.8AI score0.00573EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/03/18 9:27 a.m.14 views

TYPO3-EXT-SA-2025-002: Cross-Site Scripting in extension “Additional TCA” (additional_tca)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-002...

6.8AI score0.0036EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/11/20 2:58 p.m.14 views

TYPO3-EXT-SA-2023-009: Insecure Direct Object Reference in extension "Content Consent" (content_consent)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-009...

7.2AI score0.00598EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/08/07 9:18 a.m.14 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/07/16 4:24 p.m.14 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

9.8CVSS7.2AI score0.01861EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 6:40 a.m.14 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/05/07 9:42 a.m.14 views

Information Disclosure in Page Tree

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/02/12 12:0 p.m.14 views

Remote code execution

More info at https://www.passbolt.com/incidents/20190211multiplevulnerabilities...

0.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/12/20 4:16 p.m.14 views

Credentials exposure in session storage

More info at https://simplesamlphp.org/security/201812-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/10/31 12:19 p.m.14 views

Possible DOS attack with long user-submitted passwords (correct fix for CVE-2013-5958)

See https://twitter.com/CiPHPerCoder/status/1050427719941525504 for discussion...

5CVSS6.1AI score0.01868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/07/12 9:34 a.m.14 views

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-002...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/24 1:11 p.m.14 views

SS-2018-012: Uploaded PHP script execution in assets

More info at https://www.silverstripe.org/download/security-releases/ss-2018-012/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/05/24 1:11 p.m.14 views

SS-2018-006: Code execution vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2018-006/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/16 1:38 p.m.14 views

SQL injection possible with limit() on MySQL

The limit query method is susceptible to catastrophic SQL injection with MySQL. For example, given a model User for a table users: php UserQuery::create-limit'1;DROP TABLE users'-find; This will drop the users table! The cause appears to be a lack of integer casting of the limit input in either...

8.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/09/05 11:37 a.m.14 views

Information Disclosure in TYPO3 CMS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/03/15 8:19 p.m.14 views

Remote code execution

More info at https://www.drupal.org/SA-2017-001...

8.1CVSS7.2AI score0.03901EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/01/31 11:39 a.m.14 views

SS-2017-001: XSS In page name

More info at https://www.silverstripe.org/download/security-releases/ss-2017-001/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/01/24 3:56 p.m.14 views

Remote Code Execution Vulnerability

More info at https://community.shopware.com/detail1989.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/11/22 10:9 a.m.14 views

Path Traversal in TYPO3 Core

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-024/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/10/31 9:0 a.m.14 views

Local File Inclusion Vulnerability

More info at https://hackerone.com/reports/179034...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/08/30 10:37 a.m.14 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/...

0.6AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/08/15 6:5 p.m.14 views

SS-2016-007: VersionedRequestFilter vulnerability

More info at https://www.silverstripe.org/download/security-releases/ss-2016-007/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/07/19 1:3 p.m.14 views

SQL Injection in TYPO3 Frontend Login

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/07/19 1:3 p.m.14 views

Information Disclosure in TYPO3 Backend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/06/06 9:50 a.m.14 views

Link injection

More info at https://simplesamlphp.org/security/201606-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/03/16 12:0 a.m.14 views

Uses insecure CSPRNG (openssl_random_pseudo_bytes())

It's not fork safe In most versions of PHP, it lies about being secure And today I learned that OpenSSL, by default i.e. unchangable from PHP land uses MD5 as a CSPRNG thanks @atoponce I'm stuck between several possible avenues: Release a new version v1.3.0 or most likely v2.0.0 that doesn't rely...

1.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/16 12:32 p.m.14 views

Cross-Site Scripting in legacy form component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-003/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/12/15 11:38 a.m.14 views

Multiple Cross-Site Scripting vulnerabilities in frontend

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 2:30 p.m.14 views

Potential Information Disclosure in Zend\Crypt\PublicKey\Rsa\PublicKey

More info at https://framework.zend.com/security/advisory/ZF2015-10...

7.5CVSS7.2AI score0.01356EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/11/23 11:45 a.m.14 views

CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature

More info at https://symfony.com/cve-2015-8124...

6.8CVSS7.2AI score0.02712EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/10/27 12:30 p.m.14 views

XSS attack vector in Security Library method xss_clean()

More info at https://www.codeigniter.com/userguide/changelog.htmlversion-3-0-3...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/19 10:59 a.m.14 views

Attackers able to impersonate users

Merge branch 'disabling-none-by-default'...

6.7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/06/13 11:45 a.m.14 views

Sendmail transport arbitrary shell execution

More info at http://blog.swiftmailer.org/post/88660759928/security-fix-swiftmailer-5-2-1-released...

1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/05/20 10:21 a.m.14 views

Risk of mass-assignment vulnerabilities

More info at https://laravel.com/docs/5.3/upgradeupgrade-4.1.29...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.14 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/13 11:12 a.m.14 views

PHP object injection vulnerability allows for arbitrary code execution

More info at https://contao.org/en/news/major-security-hole-found-in-contao.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/01/22 12:35 p.m.14 views

Fixed issue with broken validation of JSONP callbacks

More info at https://symfony.com/blog/fosrestbundle-security-issue-with-jsonp-handler...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2013/04/11 10:24 a.m.14 views

Local file exposure on Windows installations

More info at https://groups.google.com/forum/?fromgroups=!topic/sabredav-discuss/ehOUu7wTSGQ...

5CVSS6.8AI score0.01779EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/08/27 7:17 p.m.14 views

Security fixes related to the way XML is handled

More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702