Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
added 2021/03/16 8:57 a.m.44 views

TYPO3-CORE-SA-2021-002: Unrestricted File Upload in Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-002...

8.6CVSS8.8AI score0.01631EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.44 views

PRODSECBUG-2462: Remote code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.44 views

PRODSECBUG-2458: Cross-Site Scripting in image file names

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.44 views

PRODSECBUG-2403: Remote code execution through crafted PageBuilder templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02474EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.44 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.44 views

PRODSECBUG-2301: Names of disabled products can be leaked due to inadequate validation checks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.44 views

PRODSECBUG-2299: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.44 views

PRODSECBUG-2174: Use of insufficiently random values in multiple security relevant contexts

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01186EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.44 views

PRODSECBUG-2285: Arbitrary code execution due to unsafe handling of a carrier gateway

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01777EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/02/12 7:47 p.m.44 views

HTTP Proxy header vulnerability

Bugfixes Mitigate HTTPoxy vulnerability 23...

8.1CVSS6.4AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2023/11/10 8:0 a.m.43 views

CVE-2023-46735: Potential XSS in WebhookController

More info at https://symfony.com/cve-2023-46735...

6.1CVSS7.2AI score0.00568EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/06/17 3:0 p.m.43 views

CVE-2021-32693: Authentication granted to all firewalls instead of just one

More info at https://symfony.com/cve-2021-32693...

8.8CVSS7.2AI score0.01388EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.43 views

PRODSECBUG-2446: Remote code execution via custom layout update in create product functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.43 views

PRODSECBUG-2465: Bypass of user confirmation mechanism

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.5CVSS7.2AI score0.0056EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.43 views

PRODSECBUG-2194: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.43 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.01151EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.43 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.43 views

PRODSECBUG-2276: Insecure Direct Object Reference (IDOR) vulnerability can expose order shipping details

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.00836EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/04/18 9:23 a.m.43 views

Cross-site scripting (XSS) vulnerability in the system log of the back end

More info at https://contao.org/en/news/contao-4418.html...

6.1CVSS6.5AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.43 views

Insert tag injection in front end forms

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/09/13 8:7 a.m.43 views

TYPO3-CORE-SA-2022-011: By-passing Cross-Site Scripting Protection in HTML Sanitizer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-011...

6.1CVSS7.2AI score0.00633EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/02/26 12:51 a.m.42 views

CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4

Impact This vulnerability allows attackers to execute CLI routes via HTTP request. Patches Upgrade to v4.1.9 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Open an issue in codeigniter4/CodeIgniter4 Email us at SECURITY.md...

9.8CVSS9.5AI score0.01154EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/02/20 1:28 p.m.42 views

URL Redirection to Untrusted Site ('Open Redirect')

Description Impact Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain. Patches 3.0.1 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Referenc...

5.8CVSS6.2AI score0.03378EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/01/13 2:35 p.m.42 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released https://blog.laravel.com/security-laravel-62012-7303-released...

7.2CVSS7.2AI score0.01605EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/12/17 11:43 a.m.43 views

Insert tag injection in the login module

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.42 views

PRODSECBUG-2309: Server-side request forgery via crafted connector endpoint 

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01714EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.42 views

PRODSECBUG-2449: Remote code execution via local file delete and XSLT injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2CVSS7.2AI score0.01852EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/07/01 12:55 p.m.42 views

XXE Vulnerability

This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...

8.8CVSS8.7AI score0.0135EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2246: Stored cross-site scripting in the WYSIWYG editor

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2270: Reflected cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2233: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.1CVSS7.2AI score0.00846EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.42 views

PRODSECBUG-2343: Insecure Direct Object Reference (IDOR) vulnerability can lead to deletion of downloadable products folder

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.5CVSS7.2AI score0.0073EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/04/16 3:19 p.m.42 views

Fixed being bypassable of CVE-2019-6257 SSRF.

Changes form previous version All previous changes is here. js:core Fixed 2863 cssAutoLoad Array option is not working js:core Fixed 2862 stop autoSync when browser tab turn to background cmd:search Fixed 2867 support incremental search other than filename VD:abstract Fixed 2873 correct MIME-Type...

4CVSS7.4AI score0.01098EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2018/01/16 10:51 a.m.42 views

Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an actual token, or from thin air.

Bugfixes Fixed a security issue discovered by @hernandev that enabled an attacker to impersonate any registered user in a Firebase application...

8.1CVSS7.9AI score0.01335EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2017/07/17 10:54 a.m.42 views

CVE-2017-11365: Empty passwords validation issue

More info at https://symfony.com/cve-2017-11365...

9.8CVSS7.2AI score0.01855EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.42 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

6.1CVSS5.9AI score0.01244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.42 views

CVE-2020-5220: Ability to define unintended serialisation groups via HTTP header which might lead to data exposure

Impact ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's...

5.3CVSS4.9AI score0.00737EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/12/18 10:37 p.m.41 views

CVE-2022-42949 - Subsite weakens file permissions

More info at https://www.silverstripe.org/download/security-releases/cve-2022-42949...

7.5CVSS7.2AI score0.00524EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2022/09/13 8:7 a.m.41 views

TYPO3-CORE-SA-2022-006: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-006...

7.5CVSS7.2AI score0.01312EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2021/08/10 7:50 a.m.41 views

TYPO3-CORE-SA-2021-013: Cross-Site Scripting via Rich-Text Content

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-013...

6.1CVSS7.2AI score0.00727EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/11/17 8:51 a.m.41 views

TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-012...

3.7CVSS7.2AI score0.00636EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2020/05/12 9:21 a.m.41 views

TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-005...

8.8CVSS7.2AI score0.0199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/10/08 12:0 a.m.41 views

PRODSECBUG-2390: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.0214EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 6:39 a.m.41 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.41 views

PRODSECBUG-2164: Use of cryptographically weak PRNG to create gift card codes

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.3CVSS7.2AI score0.0097EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.41 views

PRODSECBUG-2369: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.41 views

PRODSECBUG-2246: Stored cross-site scripting in the WYSIWYG editor

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.41 views

PRODSECBUG-2429: Insecure object reference via customer REST API

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.02161EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2019/06/25 12:0 a.m.41 views

PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.02413EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702