Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2022/12/13 9:19 a.m.•35 views

TYPO3-CORE-SA-2022-016: Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-016...

5.7CVSS7.2AI score0.00514EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/10/31 5:7 p.m.•35 views

TYPO3-EXT-SA-2022-015: Broken Access Control in extension "femanager" (femanager)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-015...

5.3CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•35 views

CVE-2022-38724 - XSS in shortcodes

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38724...

5.4CVSS7.2AI score0.00653EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/15 10:47 a.m.•35 views

CVE-2021-41270: Prevent CSV Injection via formulas

More info at https://symfony.com/cve-2021-41270...

6.5CVSS7.2AI score0.01355EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/05/12 8:0 a.m.•35 views

CVE-2021-21424: Prevent user enumeration via response content in authentication mechanisms

More info at https://symfony.com/cve-2021-21424...

5.3CVSS5.7AI score0.01712EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/03/16 8:58 a.m.•35 views

TYPO3-CORE-SA-2021-008: Cross-Site Scripting in Content Preview

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-008...

5.4CVSS5.8AI score0.00872EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 9:18 a.m.•35 views

Remote code execution

Hello, as discussed by email, this fixes a serious vulnerability. Hopefully my code is OK-ish...

9.8CVSS9.6AI score0.99943EPSS
Exploits36Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/08/25 3:50 a.m.•35 views

CVE-2020-15227: Potential Remote Code Execution vulnerability

More info at https://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability...

9.8CVSS7.2AI score0.35228EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/04 11:40 a.m.•35 views

Relative Path Traversal (CWE-23) in chunked uploads

Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these...

8.8CVSS8.6AI score0.03929EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/13 2:35 p.m.•35 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released...

7.2CVSS7.2AI score0.01605EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2376: Remote code execution through crafted page layout and image data

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2470: Remote Code Execution in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01919EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•35 views

PRODSECBUG-2485: Information Disclosure via File upload functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01117EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

5.4CVSS7.2AI score0.00566EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2375: Arbitrary code execution via malicious XML layouts

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2CVSS7.2AI score0.01921EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2317: Stored cross-site scripting in admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2275: Unsafe functionality is exposed via email templates manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

6.5CVSS7.2AI score0.00805EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2299: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•35 views

PRODSECBUG-2220: Deletion of store design schedule via cross-site request forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

5.8CVSS7.2AI score0.00378EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/03/21 10:52 p.m.•35 views

XSS vulnerability with double-encoded entities

An XSS vulnerability CVE-2019-10010 has been identified in all previous versions of this library 0.18.2 and below. The issue has been fixed in version 0.18.3. All users should upgrade to version 0.18.3 immediately. Additionally, if your application caches the resulting HTML, please purge and/or...

6.1CVSS5.9AI score0.0105EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/01/22 8:41 a.m.•35 views

Cross-Site Scripting in Bootstrap CSS toolkit

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-006...

6.1CVSS9.7AI score0.04293EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/15 8:22 a.m.•35 views

Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2 (see CVE-2013-1967)

More info at https://contao.org/en/news/contao-3515.html...

4.3CVSS6.8AI score0.02214EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/09 9:34 p.m.•35 views

CVE-2016-2403: Unauthorized access on a misconfigured Ldap server when using an empty password

More info at https://symfony.com/cve-2016-2403...

9.8CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/07/24 12:41 a.m.•35 views

Security Misconfiguration Vulnerability in the AWS SDK for PHP

SECURITY FIX: This release addresses a security issue associated with CVE-2015-5723, specifically, fixes improper default directory umask behavior that could potentially allow unauthorized modifications of PHP code. Thanks to @ryan-lane for the initial report. Aws\Ec2 - Added support for...

7.2CVSS7.6AI score0.00381EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•35 views

CVE-2019-18886: Prevent user enumeration using switch user functionality

More info at https://symfony.com/cve-2019-18886...

5.3CVSS7.2AI score0.01552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•35 views

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

8.2CVSS7.3AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•35 views

PHPMemcachedAdmin Path Traversal vulnerability

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6026...

9.8CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•36 views

Unrestricted file uploads

More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...

8.8CVSS7.2AI score0.01108EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/08/16 10:5 a.m.•34 views

TYPO3-EXT-SA-2023-007: Broken Access Control in extension "hCaptcha for EXT:form" (hcaptcha)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2023-007...

5.3CVSS7.2AI score0.00515EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/22 2:49 a.m.•34 views

CVE-2022-23556: Attackers may spoof IP address when using proxy

Impact This vulnerability may allow attackers to spoof their IP address when your server is behind a reverse proxy. Patches Upgrade to v4.2.11 or later, and configure Config\App::$proxyIPs. Workarounds Do not use $request-getIPAddress. References -...

7.5CVSS7AI score0.00373EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 11:23 a.m.•34 views

TYPO3-EXT-SA-2022-016: Insufficient Session Expiration after Password Change in extension "Change password for frontend users" (fe_change_pwd)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-016...

9.8CVSS7.2AI score0.00441EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/02/20 1:28 p.m.•34 views

URL Redirection to Untrusted Site ('Open Redirect')

Impact Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain. Patches 3.0.1 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. References...

6.1CVSS6.1AI score0.03378EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/01/04 12:59 a.m.•34 views

CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4

Description Impact Deserialization of Untrusted Data was found in the old function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL...

7.5CVSS10.1AI score0.37671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•34 views

CVE-2022-38147 - XSS via uploaded gpx file

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38147...

5.4CVSS7.2AI score0.00516EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•34 views

CVE-2022-38462 - Reflected XSS in querystring parameters

More info at https://www.silverstripe.org/download/security-releases/cve-2022-38462...

6.1CVSS7.2AI score0.00472EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/09/28 7:36 p.m.•34 views

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

Impact Users of HMAC-based algorithms HS256, HS384, and HS512 combined with Lcobucci\JWT\Signer\Key\LocalFileReference as key are having their tokens issued/validated using the file path as hashing key - instead of the contents. The HMAC hashing functions take any string as input and, since users...

4.4CVSS4.4AI score0.00199EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/04/29 12:16 p.m.•34 views

Object injection via local phar file

This is a security release. SECURITY Fixes CVE-2020-36326, a regression of CVE-2018-19296 object injection introduced in 6.1.8, see SECURITY.md for details Reject more file paths that look like URLs, matching RFC3986 spec, blocking URLS using schemes such as ssh2 Ensure method signature consisten...

9.8CVSS8.8AI score0.03095EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/04/08 5:36 a.m.•34 views

Parsoid comment fostering allows for inserting mostly arbitrary <meta> tags

More info at https://phabricator.wikimedia.org/T279451...

6.1CVSS7.2AI score0.00981EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 8:49 a.m.•34 views

TYPO3-CORE-SA-2020-010: Cross-Site Scripting in Fluid view helpers

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-010...

6.1CVSS7.2AI score0.00715EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/07/16 7:31 a.m.•34 views

Sensitive Information Disclosure in extension "Media Content Element" (mediace)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2020-014...

9.8CVSS7.2AI score0.02721EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•34 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2CVSS7.2AI score0.01452EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•34 views

PRODSECBUG-2290: Cross-Site Scripting via admin panel

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•34 views

PRODSECBUG-2366: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•34 views

PRODSECBUG-2317: Stored cross-site scripting in admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•34 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•34 views

PRODSECBUG-2171: Insecure token implementation leads to Cross-Site Request Forgery (CSRF)

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

4.3CVSS7.2AI score0.00378EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•34 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

6.5CVSS7.2AI score0.00439EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/03/26 12:0 a.m.•34 views

SUPEE-11086 - RCE, XSS, CSRF and other vulnerabilities

More info at https://magento.com/security/patches/supee-11086...

9.8CVSS7.2AI score0.1545EPSS
Exploits2Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/20 10:14 a.m.•34 views

Potential SQL injection in methods `yii\db\ActiveRecord::findOne()` and `::findAll()`

More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...

9.8CVSS7.2AI score0.01363EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/07/12 9:9 a.m.•34 views

A logged in back end user can include arbitrary existing PHP files by manipulating an URL parameter

More info at https://contao.org/en/news/contao-441.html...

8.8CVSS7.2AI score0.01962EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702