Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2015/09/15 3:50 p.m.13 views

Potential SQL injection vector using null byte for PDO (MsSql, SQLite)

More info at https://framework.zend.com/security/advisory/ZF2015-08...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/09/08 10:57 a.m.13 views

Frontend: Unauthenticated Path Disclosure

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/05/25 10:52 a.m.13 views

SS-2015-011: Potential SQL Injection Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-011/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/04/01 6:8 p.m.13 views

Critical vulnerabilities in JSON Web Token libraries

More info at https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/03/28 6:24 p.m.13 views

Privilege Escalation in TYPO3 Neos

More info at https://www.neos.io/blog/neos-sa-2015-001.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/03/20 7:29 p.m.13 views

SS-2016-012: Missing ACL on reports

More info at https://www.silverstripe.org/download/security-releases/ss-2016-012/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/12 3:55 p.m.13 views

SS-2015-007: XSS In FormAction

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-007/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/02/12 3:55 p.m.13 views

SS-2015-003: History XSS Vulnerability

More info at https://www.silverstripe.org/software/download/security-releases/ss-2015-003/...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2015/01/08 2:18 p.m.13 views

XSS vulnerability in login redirect param

Security advisory: XSS vulnerability in login redirect param ZfcUser version 1.2.2 has been released and includes a security for this vulnerability. Fix has been applied in @baf0e460 Affected versions All versions below 1.2.2 are affected. dev-master is fixed starting from @2cc167a Exploits Becau...

4.3CVSS5.8AI score0.01892EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/12/10 10:7 a.m.13 views

Possible cache poisining on the homepage when anchors are used

More info at https://typo3.org/security/advisory/typo3-core-sa-2014-003...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/04/29 11:30 a.m.13 views

SecurityComponent cross form submission issue

More info at https://bakery.cakephp.org/2014/04/29/CakePHP-1-3-18-and-2-4-8-released.html...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/04/26 8:4 p.m.13 views

Authentication adapter did not verify validity of tokens

Previous to @2ca5bb1c2f11537be8f94ca6867d8d69789e744a release 0.1.2, tokens weren't checked for validity/expiration. This potentially caused a security issue if expired tokens were not deleted after the expiration time was past, allowing anyone to still use invalidated authentication credentials...

4.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/04/15 12:19 p.m.13 views

Hijacked authentication cookies vulnerability

More info at https://laravel.com/docs/5.3/upgradeupgrade-4.1.26...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/04/15 12:19 p.m.13 views

Hijacked authentication cookies vulnerability

More info at https://laravel.com/docs/5.1/upgradeupgrade-4.1.26...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2014/02/26 4:2 p.m.13 views

Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

More info at https://framework.zend.com/security/advisory/ZF2014-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/08/27 7:17 p.m.13 views

Security fixes related to the way XML is handled

More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/08/27 7:17 p.m.13 views

Security fixes related to the way XML is handled

More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/07/10 12:35 p.m.13 views

Fixed the user refreshing to check the identity by primary key instead of username

Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...

5.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2012/02/24 1:26 p.m.13 views

XML decoding attack vector through external entities

More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2010/01/08 5:31 p.m.13 views

Potential Security Issues in Bundled Dojo Library

More info at https://framework.zend.com/security/advisory/ZF2010-06...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2010/01/08 5:31 p.m.13 views

Potential XSS vectors due to inconsistent encodings

More info at https://framework.zend.com/security/advisory/ZF2010-01...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

CVE-2026-45304: YAML Parser Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

More info at https://symfony.com/cve-2026-45304...

5.8AI score0.00076EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

CVE-2026-45073: SQL Injection in PdoAdapter::doClear() via Unsanitized $prefix

More info at https://symfony.com/cve-2026-45073...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Remote Code Execution via Chosen-Ciphertext Attack

https://github.com/titon/framework/blob/cbf44729173d3a83b91a2b0a217c6b3827512e44/src/Titon/Crypto/OpenSslCipher.hhL30-L39 You aren't authenticating your ciphertexts, and then you're passing the decrypted result to unserialize. See also:...

7.1AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Filter input to avoid XPath injection

Filter input for its use in XPath expressions In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white...

6.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Stored XSS on first/last name during setup

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

More info at https://www.drupal.org/sa-core-2019-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011

More info at https://www.drupal.org/sa-core-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Content moderation - Moderately critical - Access bypass

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/06/09 8:56 a.m.12 views

TYPO3-CORE-SA-2026-008: Broken Access Control in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2026-008...

7.6CVSS5.4AI score0.00253EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.12 views

CVE-2026-45075: HEAD Request Bypasses methods: ['GET'] Filter in #[IsGranted] / #[IsSignatureValid] / #[IsCsrfTokenValid]

More info at https://symfony.com/cve-2026-45075...

5.8AI score0.00052EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.12 views

CVE-2026-45072: Stored XSS in WebProfiler CodeExtension::fileExcerpt(): Unescaped Non-PHP File Rendering

More info at https://symfony.com/cve-2026-45072...

5.8AI score0.00062EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.12 views

`template_from_string()` escapes a SourcePolicy-driven sandbox via synthesized template name

More info at https://symfony.com/cve-2026-46634...

5.8AI score0.00031EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.12 views

XSS in profiler HtmlDumper via unescaped template and profile names

More info at https://symfony.com/cve-2026-47730...

5.8AI score0.00037EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/20 8:0 a.m.12 views

Sandbox property and method bypass via object-destructuring assignment

More info at https://symfony.com/cve-2026-46639...

5.8AI score0.00082EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/18 2:30 p.m.12 views

TYPO3-EXT-SA-2026-011: Path Traversal in extension "Faceted Search" (ke_search)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-011...

5.9CVSS5.8AI score0.00404EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/05/11 7:18 p.m.12 views

TYPO3-EXT-SA-2026-008: Remote Code Execution in extension "Site Crawler" (crawler)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-008...

7.1CVSS5.8AI score0.00389EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2026/04/14 9:42 a.m.12 views

Command injection via malicious Perforce source reference/url

Impact The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

8.8CVSS6.3AI score0.01688EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/12/30 12:0 a.m.12 views

Missing check that a point is on the prime subgroup for Edwards25519

More info at https://00f.net/2025/12/30/libsodium-vulnerability...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/04/03 3:3 p.m.12 views

GraphQL grant on a property might be cached with different objects

Original message: I found an issue with security grants on on properties in the GraphQL ItemNormalizer: If you use something like ApiPropertysecurity: 'isgranted"PROPERTYREAD", object, property' on a member of an entity, the grant gets cached and is only evaluated once, even if the object in...

7.5CVSS6.8AI score0.00573EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2025/03/18 8:51 a.m.12 views

TYPO3-EXT-SA-2025-003: Multiple vulnerabilities in extension “[clickstorm] SEO” (cs_seo)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-003...

6.8AI score0.00558EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/04/25 11:32 p.m.12 views

SS-2023-001 - XSS vulnerability in underlying TinyMCE library

More info at https://www.silverstripe.org/download/security-releases/SS-2023-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/05/25 1:46 p.m.12 views

Read private customer data reclaiming carts

Klaviyo read customer quotes for guest carts April 28th I've found a endpoint in a thirth party module Klaviyo Magento 2 which allows to read private customer data from stores. It works by reclaiming any guest-cart as your own and reading the private data for the orders in the Magento API. Data -...

6.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/09/22 7:30 p.m.12 views

$this->validate() returns all properties, not just validated ones

IMPORTANT BUGFIX $this-validate usually only returns the validated dataset, however a regression was introduced, that caused it to return ALL data on the Livewire component. 1659...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/08/07 9:28 a.m.12 views

EZSA-2020-005 Editor XSS and trashed drafts in review queue

More info at https://ezplatform.com/security-advisories/ezsa-2020-005-editor-xss-and-trashed-drafts-in-review-queue...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/04/21 12:12 p.m.12 views

EZSA-2020-003 XSS in DemoBundle/ezdemo bundled VideoJS

More info at https://ezplatform.com/security-advisories/ezsa-2020-003-xss-in-demobundle-ezdemo-bundled-videojs...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 9:50 a.m.12 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 9:50 a.m.12 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2AI score
Exploits0Affected Software1
Total number of security vulnerabilities1702