Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•41 views

Confirming an opt-in token does not invalidate previous opt-in tokens

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10643.html...

9.8CVSS7.2AI score0.01254EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/29 8:39 p.m.•41 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability CVE-2018-20583 has been identified in the following versions of this library: 0.15.6 0.15.7 0.16.0 0.17.0 0.17.1 0.17.2 0.17.3 0.17.4 0.17.5 0.18.0 It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

6.1CVSS6AI score0.01597EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/12/11 9:55 a.m.•41 views

Cross-Site Scripting in CKEditor

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-005...

6.1CVSS9.7AI score0.01954EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/11/13 5:52 p.m.•41 views

RCE vulnerability in phpunit

More info at https://nvd.nist.gov/vuln/detail/CVE-2017-9841...

9.8CVSS9.7AI score0.99999EPSS
Exploits19Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/SA-CORE-2019-003...

8.1CVSS7.2AI score0.91919EPSS
Exploits22Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

SQL injection vulnerabililty in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

9.8CVSS7.2AI score0.01462EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Information disclosure in the back end

More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...

5.3CVSS7.2AI score0.0088EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/04/10 4:24 p.m.•40 views

Deserialization of Untrusted Data in timber/timber

Summary Timber is vulnerable to PHAR deserialization due to a lack of checking the input before passing it into the fileexists function. If an attacker can upload files of any type to the server, he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP...

8CVSS8.2AI score0.00454EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/03/17 3:47 p.m.•40 views

PHAR deserialization allowing remote code execution

Description Description snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the fileexists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and...

7.5CVSS9.9AI score0.0276EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 9:19 a.m.•40 views

TYPO3-CORE-SA-2022-015: Arbitrary Code Execution via Form Framework

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-015...

8.8CVSS7.2AI score0.00785EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/09/13 8:6 a.m.•40 views

TYPO3-CORE-SA-2022-009: Stored Cross-Site Scripting via FileDumpController

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-009...

6.5CVSS7.2AI score0.00722EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/08/20 11:11 a.m.•40 views

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent

Impact In ReactPHP's HTTP server component versions below v1.7.0, when ReactPHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like Host- and Secure- confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS6.7AI score0.00804EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/07/20 9:14 a.m.•40 views

TYPO3-CORE-SA-2021-010: Cross-Site Scripting in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-010...

6.4CVSS7.2AI score0.00598EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 8:49 a.m.•40 views

TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...

6.1CVSS7.2AI score0.00715EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/17 12:26 p.m.•40 views

XSS relating to the transformation feature

More info at https://www.phpmyadmin.net/security/PMASA-2020-5/...

6.1CVSS7.2AI score0.0219EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•40 views

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-002...

5.4CVSS7.2AI score0.0054EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•40 views

CVE-2020-5274: Fix Exception message escaping rendered by ErrorHandler

More info at https://symfony.com/cve-2020-5274...

5.5CVSS7.2AI score0.01197EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•40 views

PRODSECBUG-2440: Information disclosure through processing of external XML entities

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00877EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•40 views

PRODSECBUG-2426: Cross-Site Scripting via store name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•40 views

PRODSECBUG-2125: Deletion of Blocks via cross-site request forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/07/26 6:2 p.m.•40 views

XSS vulnerability in code example

SECURITY Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There...

6.1CVSS6.2AI score0.024EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/10 3:43 a.m.•40 views

JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks

More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...

4.3CVSS7.2AI score0.01521EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/01/19 12:56 p.m.•39 views

TYPO3-EXT-SA-2023-001: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-001...

8.6CVSS7.2AI score0.00501EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/08 9:29 a.m.•39 views

Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect')

Impact On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is only possible when the stream option is...

7.3CVSS6.5AI score0.00898EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/07/20 9:15 a.m.•39 views

TYPO3-CORE-SA-2021-012: Information Disclosure in User Authentication

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-012...

6.5CVSS7.2AI score0.00829EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2445: Insufficient logging and monitoring of configuration changes

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.00811EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2444: Missing logs of configuration changes related to design update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00964EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2392: Cross-Site Scripting via PageBuilder Banner

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2408: Unrestricted upload of file with dangerous type

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9CVSS7.2AI score0.00763EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2489: Cross side scripting during the preview of email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2464: Use of weak cryptographic function

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.3CVSS7.2AI score0.0092EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•39 views

PRODSECBUG-2270: Reflected cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•39 views

PRODSECBUG-2116: Stored cross-site scripting in the catalog events feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

9.8CVSS7.2AI score0.05758EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•39 views

PRODSECBUG-2187: Cross-site request forgery (CSRF) in checkout cart item

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

8.8CVSS7.2AI score0.00497EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/15 8:51 a.m.•39 views

SQL injection vulnerabililty in the back end search filter

More info at https://contao.org/en/news/contao-448.html...

9.8CVSS7.2AI score0.01178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/18 8:27 p.m.•39 views

HTTP Proxy header vulnerability

Bug Fixes Removed support for using HTTPPROXY environment variable for non-CLI apps per CVE-2016-5385 httpoxy. Graham Campbell 143 145 Convert BUGSNAGNOTIFYRELEASESTAGES to a comma-delimited array Jason Graham Campbell 142 144...

5.1CVSS0.9AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/SA-CORE-2019-003...

8.1CVSS7.2AI score0.91919EPSS
Exploits22Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

CVE-2019-10913: Reject invalid HTTP method overrides

More info at https://symfony.com/cve-2019-10913...

9.8CVSS7.2AI score0.01854EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

More info at https://www.drupal.org/sa-core-2020-002...

6.1CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

More info at https://symfony.com/cve-2023-46734...

6.1CVSS7.2AI score0.00682EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

CVE-2024-51736: Command execution hijack on Windows with Process class

More info at https://symfony.com/cve-2024-51736...

9.8CVSS6.8AI score0.0043EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/02/27 12:30 p.m.•38 views

Server-Side Request Forgery (SSRF)

Impact Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname. Patches 3.0.2 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Part of the fix requires applyi...

9.1CVSS9.2AI score0.01617EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•38 views

CVE-2022-38145 - Stored XSS in Compare Mode

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38145...

5.4CVSS7.2AI score0.00595EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/17 3:0 p.m.•38 views

CVE-2021-32693: Authentication granted to all firewalls instead of just one

More info at https://symfony.com/cve-2021-32693...

8.8CVSS7.2AI score0.01388EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•38 views

PRODSECBUG-2417: Remote code execution via vulnerable Symphony dependecy injection

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.02455EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•38 views

PRODSECBUG-2455: Stored cross-site scripting (XSS) from URL in to product page

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•38 views

PRODSECBUG-2371: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•38 views

PRODSECBUG-2369: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•38 views

PRODSECBUG-2273: Sensitive data disclosure though malicious email templates

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.0095EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702