
1697 matches found

Friends Of PHP
•added 2020/03/05 5:34 p.m.•26 views

SQL injection relating to data display

More info at https://www.phpmyadmin.net/security/PMASA-2020-4/...

5.4 CVSS • 7.2 AI score • 0.01593 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/03/03 10:14 p.m.•7 views

Fixes redirect uri validation in oauth

More info at https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/02/20 3:55 p.m.•15 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/02/20 3:55 p.m.•7 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/02/16 11:54 p.m.•31 views

CVE-2019-19325: XSS through non-scalar FormField attributes

More info at https://www.silverstripe.org/download/security-releases/cve-2019-19325/...

6.1 CVSS • 7.2 AI score • 0.00685 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/02/04 11:40 a.m.•25 views

Relative Path Traversal (CWE-23) in chunked uploads

Impact: The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validati...

6.5 CVSS • 8.6 AI score • 0.03929 EPSS
Exploits: 1 • Affected Software: 1

Friends Of PHP
•added 2020/02/04 11:40 a.m.•34 views

Relative Path Traversal (CWE-23) in chunked uploads

Impact: The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these...

8.8 CVSS • 8.6 AI score • 0.03929 EPSS
Exploits: 1 • Affected Software: 1

Friends Of PHP
•added 2020/01/21 3:10 p.m.•15 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/21 3:10 p.m.•9 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/18 10:13 p.m.•27 views

SQL injection relating to searching

More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...

6 CVSS • 7.7 AI score • 0.02115 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/18 10:13 p.m.•32 views

SQL injection relating to searching

More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...

8 CVSS • 7.2 AI score • 0.02115 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/13 2:35 p.m.•34 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released...

7.2 CVSS • 7.2 AI score • 0.01605 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/13 2:35 p.m.•42 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released https://blog.laravel.com/security-laravel-62012-7303-released...

7.2 CVSS • 7.2 AI score • 0.01605 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/01 4:15 p.m.•12 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

3.9 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/01 4:15 p.m.•8 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2020/01/01 1:54 p.m.•26 views

SQL injection in user accounts page

More info at https://www.phpmyadmin.net/security/PMASA-2020-1/...

8.8 CVSS • 7.2 AI score • 0.38778 EPSS
Exploits: 4 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 11:43 a.m.•30 views

Insert tag injection in the login module

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...

5.3 CVSS • 7.2 AI score • 0.00819 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 11:43 a.m.•42 views

Insert tag injection in the login module

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...

5.3 CVSS • 7.2 AI score • 0.00819 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:51 a.m.•27 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8 CVSS • 7.2 AI score • 0.01267 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:51 a.m.•22 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8 CVSS • 7.2 AI score • 0.01267 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:51 a.m.•30 views

SQL Injection in low-level Query Generator

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...

7.2 CVSS • 7.2 AI score • 0.00868 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:51 a.m.•25 views

SQL Injection in low-level Query Generator

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...

7.2 CVSS • 7.2 AI score • 0.00868 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•31 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2 CVSS • 7.2 AI score • 0.01452 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•27 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2 CVSS • 7.2 AI score • 0.01452 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•12 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•12 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•10 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•10 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•9 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•11 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•11 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/17 9:50 a.m.•11 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

7.2 AI score
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/12/05 4:2 p.m.•17 views

Possible to circumvent title-blacklist

More info at https://phabricator.wikimedia.org/T239466...

6.1 CVSS • 7.2 AI score • 0.01564 EPSS
Exploits: 1 • Affected Software: 1

Friends Of PHP
•added 2019/11/13 8:0 a.m.•14 views

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

9.8 CVSS • 7.2 AI score • 0.03354 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/11/13 8:0 a.m.•19 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5 CVSS • 7.2 AI score • 0.02248 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/11/13 8:0 a.m.•23 views

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

9.8 CVSS • 7.2 AI score • 0.03354 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/11/06 11:44 a.m.•16 views

Critical signature bypass

More info at https://simplesamlphp.org/security/201911-01...

8.8 CVSS • 7.2 AI score • 0.03024 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•12 views

PRODSECBUG-2223: Remote code execution when using functionality that imports a new product

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9 CVSS • 7.2 AI score • 0.03267 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•17 views

PRODSECBUG-2407: Remote code execution due to unsafe PHP archive deserialization in the import functionality

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2 CVSS • 7.2 AI score • 0.0238 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•19 views

PRODSECBUG-2426: Cross-Site Scripting via store name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•11 views

PRODSECBUG-2424: SQL injection when accessing group data in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8 CVSS • 7.2 AI score • 0.01002 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•8 views

PRODSECBUG-2422: Cross-Site Scripting via Email Template Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•12 views

PRODSECBUG-2408: Unrestricted upload of file with dangerous type

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.9 CVSS • 7.2 AI score • 0.00763 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•16 views

PRODSECBUG-2425: Cross-Site Scripting via Signifyd Guarantee Option Translation Override

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•17 views

PRODSECBUG-2423: Cross-Site Scripting via inventory source

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•13 views

PRODSECBUG-2406: Cross-Site Scripting via Payment Method Title

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00556 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•21 views

PRODSECBUG-2392: Cross-Site Scripting via PageBuilder Banner

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.8 CVSS • 7.2 AI score • 0.00552 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•12 views

PRODSECBUG-2390: Broken authentication and session management

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8 CVSS • 7.2 AI score • 0.0214 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•13 views

PRODSECBUG-2367: Remote code execution due to unsafe handling of a carrier gateway

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

7.2 CVSS • 7.2 AI score • 0.01714 EPSS
Exploits: 0 • Affected Software: 1

Friends Of PHP
•added 2019/10/08 12:0 a.m.•18 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4 CVSS • 7.2 AI score • 0.00591 EPSS
Exploits: 0 • Affected Software: 1

Total number of security vulnerabilities: 1697