Lucene search
K
FriendsofphpMost viewed

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2015/09/08 10:59 a.m.•31 views

Backend: Non-Persistent Cross-Site Scripting

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/...

3.5CVSS7.2AI score0.02006EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/08/03 3:13 p.m.•31 views

XXE/XEE vector when using ZendXml on multibyte payloads

More info at https://framework.zend.com/security/advisory/ZF2015-06...

6.8CVSS9.7AI score0.09911EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/19 10:59 a.m.•31 views

Attackers able to impersonate users

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment For reference, this issue has been assigned ID CVE-2015-2964...

1.9AI score0.01385EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2015/02/18 7:15 p.m.•31 views

Potential SQL injection in PostgreSQL Zend\Db adapter

More info at https://framework.zend.com/security/advisory/ZF2015-02...

9.8CVSS9.7AI score0.01103EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/05/22 9:34 a.m.•31 views

Failing to properly encode user input, several backend components are susceptible to XSS

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/...

3.5CVSS7.2AI score0.01449EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/03/10 9:57 p.m.•31 views

PHP remote file inclusion vulnerability in dompdf.php

This release is superseded by version 0.7.0 This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf. Please read the new docume...

8.8CVSS7.6AI score0.39374EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 2013/08/12 1:41 a.m.•31 views

XML External Entity (XXE) issue

thanks to Kousuke Ebihara for the report and patch...

7.5CVSS6.3AI score0.02997EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

There was a problem hiding this comment. Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. Choose a reason Spam Abuse Off Topic Outdated Duplicate Resolved Hide comment I'm afraid this change is wrong. fileexists is not the only...

7.5CVSS2.9AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

Deserialization of Untrusted Data

Description This affects the package codeception/codeception from 4.0.0 before 4.1.22 and before 3.1.3. The RunProcess class can be leveraged as a gadget to run arbitrary commands on a system that is deserializing user input without validation. References...

10CVSS9.1AI score0.02714EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

Unrestricted file uploads

More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...

8.8CVSS7.2AI score0.01108EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

CVE-2023-46733: Possible session fixation

More info at https://symfony.com/cve-2023-46733...

6.5CVSS7.2AI score0.00689EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

CVE-2019-10909: Escape validation messages in the PHP templating engine

More info at https://symfony.com/cve-2019-10909...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

CVE-2023-46734: Potential XSS vulnerabilities in CodeExtension filters

More info at https://symfony.com/cve-2023-46734...

6.1CVSS7.2AI score0.00682EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-004...

9.8CVSS7.2AI score0.99236EPSS
Exploits14Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2024/07/17 12:24 a.m.•30 views

CVE-2024-32981 - XSS Vulnerability with text/html base64-encoded payload

More info at https://www.silverstripe.org/download/security-releases/cve-2024-32981...

5.4CVSS6.8AI score0.00346EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2023/11/14 9:58 a.m.•30 views

TYPO3-CORE-SA-2023-006: Weak Authentication in Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2023-006...

5.4CVSS7.2AI score0.00561EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/12/13 10:32 a.m.•30 views

TYPO3-EXT-SA-2022-017: Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2022-017...

9.1CVSS7.2AI score0.00651EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/06/14 7:11 a.m.•30 views

TYPO3-CORE-SA-2022-001: Information Disclosure via Export Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2022-001...

4.3CVSS7.2AI score0.00585EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/03/24 1:59 p.m.•30 views

Remote code injection via remote fonts

Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...

9.8CVSS9.5AI score0.82438EPSS
Exploits8Affected Software1
Friends Of PHP
Friends Of PHP
•added 2022/01/21 6:21 a.m.•30 views

Possible RCE when rendering untrusted user templates

Fix CVE-2022-0323, possible RCE when rendering untrusted user templates, reported by @altm4n via huntr.dev Improve compatibility with PHP 8.1...

6.5CVSS8.5AI score0.00691EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/21 12:0 a.m.•30 views

CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor

More info at https://www.silverstripe.org/download/security-releases/cve-2022-37430...

5.4CVSS7.2AI score0.00516EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/11/18 2:10 a.m.•30 views

Image upload bypass

By default Debian includes support for executing .phar files alongside .php and .phtml files, and should be included in the blocked list. See: https://salsa.debian.org/php-team/php/-/blob/debian/main/7.4/debian/php-cgi.confL5-7 This should also be backported into all currently supported versions ...

9.8CVSS9.4AI score0.1981EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/10/05 11:2 a.m.•30 views

TYPO3-CORE-SA-2021-014: Cross-Site-Request-Forgery in Backend URI Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-014...

8.8CVSS7.2AI score0.00619EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2021/07/20 9:14 a.m.•30 views

TYPO3-CORE-SA-2021-011: Cross-Site Scripting in Backend Grid View

More info at https://typo3.org/security/advisory/typo3-core-sa-2021-011...

6.4CVSS7.2AI score0.00603EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/11/17 8:51 a.m.•30 views

TYPO3-CORE-SA-2020-012: XML External Entity in Dashboard Widget

More info at https://typo3.org/security/advisory/typo3-core-sa-2020-012...

3.7CVSS7.2AI score0.00636EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/09/14 9:15 p.m.•30 views

Possible remote code execution via unserialize() on user input containing specially crafted string

More info at https://www.yiiframework.com/news/303/yii-2-0-38...

10CVSS7.2AI score0.78759EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/08/25 3:50 a.m.•30 views

CVE-2020-15227: Potential Remote Code Execution vulnerability

More info at https://blog.nette.org/en/cve-2020-15227-potential-remote-code-execution-vulnerability...

9.8CVSS7.2AI score0.35228EPSS
Exploits3Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/30 2:0 p.m.•30 views

CVE-2020-5275: All rules set in "access_control" are required when the firewall is configured with the unanimous strategy

More info at https://symfony.com/cve-2020-5275...

8.1CVSS7.2AI score0.01148EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2342: Cross-Site Scripting mitigation bypass

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

6.1CVSS7.2AI score0.01476EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2448: Cross side scripting via admin panel dashboard

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2424: SQL injection when accessing group data in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01002EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•31 views

PRODSECBUG-2456: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.5CVSS7.2AI score0.01949EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/06/25 12:0 a.m.•30 views

PRODSECBUG-2128: Stored Cross Site Scripting in the Admin Panel through the tax/notification/info_url setting

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/05/30 8:55 p.m.•30 views

API responses for unpatrolled or (not) autopatrolled recent changes require privileges but may be cached publicly

More info at https://phabricator.wikimedia.org/T212118...

7.5CVSS7.2AI score0.02043EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/04/09 12:21 p.m.•30 views

The CSRF token check can be bypassed

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10642.html...

8.8CVSS7.2AI score0.00499EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 12:12 p.m.•30 views

CVE-2018-11407: Unauthorized access on a misconfigured LDAP server when using an empty password

More info at https://symfony.com/cve-2018-11407...

9.8CVSS7.2AI score0.02345EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/05/25 11:46 a.m.•30 views

CVE-2018-11406: CSRF Token Fixation

More info at https://symfony.com/cve-2018-11406...

8.8CVSS7.2AI score0.00761EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/03/20 2:0 p.m.•30 views

Potential remote code execution in LUA context of the redis server via methods `yii\redis\ActiveRecord::findOne()` and `::findAll()`

More info at https://www.yiiframework.com/news/168/releasing-yii-2-0-15-and-database-extensions-with-security-fixes/...

9.8CVSS7.2AI score0.01588EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•30 views

JavaScript cross-site scripting prevention is incomplete.

More info at https://www.drupal.org/SA-CORE-2018-001...

6.1CVSS7.2AI score0.01644EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2018/02/20 9:35 p.m.•30 views

External link injection on 404 pages when linking to the current page.

More info at https://www.drupal.org/SA-CORE-2018-001...

5.8CVSS7.2AI score0.01196EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:15 p.m.•30 views

CVE-2017-16654: Intl bundle readers breaking out of paths

More info at https://symfony.com/cve-2017-16654...

7.5CVSS7.2AI score0.02677EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/11/16 3:14 p.m.•30 views

CVE-2017-16790: Ensure that submitted data are uploaded files

More info at https://symfony.com/cve-2017-16790...

6.5CVSS7.2AI score0.01553EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2017/08/16 5:10 p.m.•30 views

REST API can bypass comment approval.

More info at https://www.drupal.org/SA-CORE-2017-004...

7.4CVSS7.2AI score0.02102EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/18 4:1 p.m.•30 views

Drupal Core - Highly Critical - Injection - SA-CORE-2016-003

More info at https://www.drupal.org/SA-CORE-2016-003...

8.1CVSS9.7AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/07/15 5:44 p.m.•30 views

HTTP Proxy header vulnerability

Addressing HTTPPROXY security vulnerability, CVE-2016-5385: https://httpoxy.org/. Please update to this version of Guzzle in order to mitigate the vulnerability when sending Guzzle requests inside of a CGI application. - Fixing timeout bug with StreamHandler - Only read up to Content-Length in...

8.1CVSS6.3AI score0.50427EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/05/09 9:13 p.m.•30 views

CVE-2016-4423: Large username storage in session

More info at https://symfony.com/cve-2016-4423...

7.5CVSS7.2AI score0.01862EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2016/01/06 9:35 p.m.•30 views

Local File Disclosure

SECURITY Fix CVE-2017-5223, local file disclosure vulnerability if content passed to msgHTML is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML without a $basedir will not import images with relative URLs, and relative...

5.5CVSS5.5AI score0.02161EPSS
Exploits6Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/16 10:0 p.m.•30 views

Anonymous authentication in ldap_bind() function of PHP, using null byte

More info at https://framework.zend.com/security/advisory/ZF2014-05...

5CVSS7.2AI score0.02495EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2014/09/03 7:40 a.m.•30 views

CSRF vulnerability in the Web Profiler

More info at https://symfony.com/cve-2014-6072...

7.2AI score0.01485EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702