Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•38 views

PRODSECBUG-2244: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/28 7:30 p.m.•38 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-002...

9.8CVSS7.2AI score0.99993EPSS
Exploits46Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/05/13 10:53 a.m.•38 views

Exploit in the private channel authentication

More info at https://blog.pusher.com/update-on-security/...

0.5AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•38 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•38 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2025/05/16 3:52 p.m.•37 views

TYPO3-EXT-SA-2025-006: Insecure Direct Object Reference in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2025-006...

5.3CVSS7.2AI score0.00242EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/04/24 12:2 p.m.•37 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS4.5AI score0.00408EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/14 7:11 a.m.•37 views

TYPO3-CORE-SA-2022-004: Cross-Site Scripting in Frontend Login Mailer

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-004...

5.4CVSS7.2AI score0.00717EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/05/05 6:38 a.m.•37 views

Cross site scripting via canonical URL

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-canonical-url.html...

7.2CVSS7.2AI score0.04396EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/01/24 5:41 p.m.•37 views

CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4

Impact Cross-Site Scripting XSS vulnerability was found in API\ResponseTrait in Codeigniter4. Attackers can do XSS attacks if you are using API\ResponseTrait. Patches Upgrade to v4.1.8 or later. Workarounds Do one of the following: 1. Do not use API\ResponseTrait nor ResourceController 2. Disable...

6.1CVSS5.5AI score0.01002EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•37 views

CVE-2022-38724 - XSS in shortcodes

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38724...

5.4CVSS7.2AI score0.00653EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/06/16 4:20 p.m.•37 views

Untrusted code may be run from an overridden address validator

This is a security release. SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details. The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in th...

8.1CVSS8AI score0.02803EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/04/06 1:43 p.m.•37 views

Improper Certificate Validation in phpseclib

No description provided...

5CVSS7.3AI score0.01055EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/03 8:51 a.m.•37 views

Insecure Deserialization of untrusted data

Impact Unserialization of untrusted data. Patches The issue has been patched and users of Requests 1.6.0, 1.6.1 and 1.7.0 should update to version 1.8.0. References Publications about the vulnerability:...

9.8CVSS9.4AI score0.16119EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/26 2:2 p.m.•37 views

User content can redirect the logout button to different URL

More info at https://phabricator.wikimedia.org/T232932...

6.1CVSS7.2AI score0.01429EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2494: Arbitrary file deletion through design layout update

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00791EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2418: SQL injection via marketing account with access to email templates variables

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01002EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2434: SQL injection in 'Catalog Products List' widget leading to privilege escalation

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01255EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2332: Remote code execution through arbitrary file inclusion

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01886EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2198: SQL Injection due to a flaw in MySQL adapter

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

9.8CVSS7.2AI score0.1545EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2349: Arbitrary code execution via file upload in admin import feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

9CVSS7.2AI score0.02421EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2226: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•37 views

PRODSECBUG-2320: Arbitrary code execution due to unsafe handling of system configuration

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01438EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/18 4:37 p.m.•37 views

HTTP Proxy header vulnerability

More info at https://twitter.com/asyncphp/status/755136084917583872...

8.1CVSS6.8AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/03 3:13 p.m.•37 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•37 views

CVE-2020-15143: Remote Code Execution in ParametersParser while using request parameters inside expression language

Impact Request parameters injected inside an expression evaluated by symfony/expression-language package haven't been sanitized properly. This allows the attacker to access any public service by manipulating that request parameter, allowing for Remote Code Execution. The vulnerable versions...

8.8CVSS8.9AI score0.01914EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•37 views

CVE-2023-46733: Potential XSS in WebhookController

More info at https://symfony.com/cve-2023-46733...

6.5CVSS7.2AI score0.00689EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2026/04/17 12:52 p.m.•36 views

Argument injection via newline in PHP INI values forwarded to child processes

Impact PHPUnit forwards PHP INI settings to child processes used for isolated/PHPT test execution as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newli...

7.8CVSS6.6AI score0.00343EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/12/12 9:17 a.m.•36 views

Denial of service caused by infinite recursion when parsing SVG images

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-50262...

7.5CVSS7.2AI score0.01463EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/02/07 9:24 a.m.•36 views

TYPO3-CORE-SA-2023-001: Persisted Cross-Site Scripting in Frontend Rendering

More info at https://typo3.org/security/advisory/typo3-core-sa-2023-001...

8.8CVSS7.2AI score0.00831EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/10/06 9:39 a.m.•36 views

CVE-2022-39284: Config\Cookie Secure or HttpOnly flag not set in CodeIgniter4

Impact Setting $secure or $httponly value to true in Config\Cookie is not reflected in setcookie or Response::setCookie. Note This vulnerability does not affect session cookies. The following code does not issue a cookie with the secure flag even if you set $secure = true in Config\Cookie. php...

4.3CVSS4.2AI score0.00825EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/12 8:0 a.m.•36 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5CVSS5.6AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•36 views

TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-005...

7.5CVSS7.8AI score0.01731EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/05/12 9:21 a.m.•36 views

TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-004...

10CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•36 views

PRODSECBUG-2484: Arbitrary file deletion through export data data transfer

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.5CVSS7.2AI score0.00791EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2300: Information about disabled products can be leaked due to inadequate validation checks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-1513: Insufficient brute force protections on promo code entry

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

7.5CVSS7.2AI score0.03121EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2173: Path traversal vulnerability in WYSIWYG editor.

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

7.5CVSS7.2AI score0.01454EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2301: Names of disabled products can be leaked due to inadequate validation checks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2347: Insufficient brute-forcing defenses in the token exchange protocol could be abused in carding attacks

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.5CVSS7.2AI score0.01175EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2307: Insufficient enforcement of user access controls can lead to unauthorized environment configuration changes

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•36 views

PRODSECBUG-2345: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/02/26 12:10 p.m.•36 views

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector.

Changes form previous version All previous changes is here. - VD:abstract fix animated image conversion on ImageMagick - Security,VD:abstract CVE-2019-9194 fix command injection vulnerability of PHP connector Special thanks to Thomas Chauchefoin Synacktiv for reporting this vulnerability...

9.8CVSS9.7AI score0.96633EPSS
Exploits11Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:12 p.m.•36 views

CVE-2017-16653: CSRF protection does not use different tokens for HTTP and HTTPS

More info at https://symfony.com/cve-2017-16653...

5.9CVSS7.2AI score0.01472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/12/28 12:28 p.m.•36 views

Remote Code Execution

Important security update! This release patches the critical vulnerability described in CVE-2016-10045 a remote code execution vulnerability, responsibly reported by Dawid Golunski, and patched by Paul Buonopane @Zenexer. Possible side effect - complex sender addresses such as those used in VERP...

9.8CVSS10AI score0.98038EPSS
Exploits19Affected Software1
Friends Of PHP
Friends Of PHP
•added 2012/03/19 3:59 p.m.•36 views

Routes behind a firewall are accessible even when not logged in

More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...

6.4CVSS7.2AI score0.01876EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•36 views

Unauthenticated crypto and weak IV in Magento\Framework\Encryption

More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...

7.5CVSS7.2AI score0.00846EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•36 views

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

More info at https://www.drupal.org/sa-core-2020-012...

8.8CVSS7.2AI score0.04269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/11/22 12:0 a.m.•35 views

Potential URI resolution path traversal in the AWS SDK for PHP

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-51651...

6CVSS7.2AI score0.00376EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702