Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 2020/03/26 2:2 p.m.•25 views

makeCollapsible allows applying event handler to any CSS selector

More info at https://phabricator.wikimedia.org/T246602...

5.3CVSS7.2AI score0.01123EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/26 2:2 p.m.•37 views

User content can redirect the logout button to different URL

More info at https://phabricator.wikimedia.org/T232932...

6.1CVSS7.2AI score0.01429EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/18 10:16 p.m.•27 views

SQL injection with processing username

More info at https://www.phpmyadmin.net/security/PMASA-2020-2/...

8CVSS7.2AI score0.02694EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/13 1:52 p.m.•15 views

XSS vulnerability in blade templating

More info at https://github.com/laravel/framework/pull/31945...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/13 1:52 p.m.•10 views

XSS vulnerability in blade templating

More info at https://github.com/laravel/framework/pull/31945...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/05 5:34 p.m.•31 views

SQL injection relating to data display

More info at https://www.phpmyadmin.net/security/PMASA-2020-4/...

5.4CVSS7.2AI score0.01593EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/03/03 10:14 p.m.•9 views

Fixes redirect uri validation in oauth

More info at https://github.com/FriendsOfSymfony/oauth2-php/releases/tag/1.3.0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/20 3:55 p.m.•16 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/20 3:55 p.m.•7 views

EZSA-2020-001 Remote code execution in file uploads

More info at https://ezplatform.com/security-advisories/ezsa-2020-001-remote-code-execution-in-file-uploads...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/16 11:54 p.m.•33 views

CVE-2019-19325: XSS through non-scalar FormField attributes

More info at https://www.silverstripe.org/download/security-releases/cve-2019-19325/...

6.1CVSS7.2AI score0.00685EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/04 11:40 a.m.•27 views

Relative Path Traversal (CWE-23) in chunked uploads

Description Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validati...

6.5CVSS8.6AI score0.03929EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/02/04 11:40 a.m.•36 views

Relative Path Traversal (CWE-23) in chunked uploads

Impact The vulnerability was identified in the web service for a chunked file upload. While the names of the POST parameters vary with the used frontend, their values are always used in the same way to build a path where the chunks are stored and assembled temporarily. By not validating these...

8.8CVSS8.6AI score0.03929EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/21 3:10 p.m.•10 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/21 3:10 p.m.•16 views

Unexpected bindings in QueryBuilder

This is a follow-up to the previous security advisory GHSA-3p32-j457-pg5x which addresses a few additional edge cases. If a request is crafted where a field that is normally a non-array value is an array, and that input is not validated or cast to its expected type before being passed to the quer...

7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/18 10:13 p.m.•33 views

SQL injection relating to searching

More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...

8CVSS7.2AI score0.02115EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/18 10:13 p.m.•28 views

SQL injection relating to searching

More info at https://www.phpmyadmin.net/security/PMASA-2020-3/...

6CVSS7.7AI score0.02115EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/13 2:35 p.m.•35 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released...

7.2CVSS7.2AI score0.01605EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/13 2:35 p.m.•43 views

Unexpected bindings in QueryBuilder

More info at https://blog.laravel.com/security-laravel-62011-7302-8221-released https://blog.laravel.com/security-laravel-62012-7303-released...

7.2CVSS7.2AI score0.01605EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/01 4:15 p.m.•13 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

3.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/01 4:15 p.m.•11 views

Disclosure of files via logo_path query parameter

Require version that checks mime type...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2020/01/01 1:54 p.m.•28 views

SQL injection in user accounts page

More info at https://www.phpmyadmin.net/security/PMASA-2020-1/...

8.8CVSS7.2AI score0.38778EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 11:43 a.m.•31 views

Insert tag injection in the login module

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 11:43 a.m.•43 views

Insert tag injection in the login module

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-the-login-module.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•28 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8CVSS7.2AI score0.01267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•24 views

Insecure Deserialization in Query Generator & Query View

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-026...

8.8CVSS7.2AI score0.01267EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•32 views

SQL Injection in low-level Query Generator

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...

7.2CVSS7.2AI score0.00868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:51 a.m.•27 views

SQL Injection in low-level Query Generator

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-025...

7.2CVSS7.2AI score0.00868EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•34 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2CVSS7.2AI score0.01452EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•29 views

Directory Traversal on ZIP extraction

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-024...

7.2CVSS7.2AI score0.01452EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•12 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•13 views

Cross-Site Scripting in Filelist Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-023...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•10 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•10 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-022...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•12 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•10 views

Cross-Site Scripting in Form Framework validation handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-021...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•12 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/17 9:50 a.m.•11 views

Possible Insecure Deserialization in Extbase Request Handling

More info at https://typo3.org/security/advisory/typo3-psa-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/12/05 4:2 p.m.•21 views

Possible to circumvent title-blacklist

More info at https://phabricator.wikimedia.org/T239466...

6.1CVSS7.2AI score0.01564EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/13 8:0 a.m.•56 views

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

9.8CVSS7.2AI score0.03354EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/13 8:0 a.m.•20 views

CVE-2019-18888: Prevent argument injection in a MimeTypeGuesser

More info at https://symfony.com/cve-2019-18888...

7.5CVSS7.2AI score0.02248EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/13 8:0 a.m.•24 views

CVE-2019-11325: Fix escaping of strings in VarExporter

More info at https://symfony.com/cve-2019-11325...

9.8CVSS7.2AI score0.03354EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/11/06 11:44 a.m.•17 views

Critical signature bypass

More info at https://simplesamlphp.org/security/201911-01...

8.8CVSS7.2AI score0.03024EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•41 views

PRODSECBUG-2390: Broken authentication and session managememt

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

9.8CVSS7.2AI score0.0214EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•47 views

PRODSECBUG-2344: Cross-Site Scripting via wysiwyg editor

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00591EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•54 views

PRODSECBUG-2401: Cross-Site Scripting via Customer Attribute Option Value

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•39 views

PRODSECBUG-2392: Cross-Site Scripting via PageBuilder Banner

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

4.8CVSS7.2AI score0.00552EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•30 views

PRODSECBUG-2424: SQL injection when accessing group data in email templates

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01002EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•19 views

PRODSECBUG-2423: Cross-Site Scripting via inventory source

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•10 views

PRODSECBUG-2422: Cross-Site Scripting via Email Template Name

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

5.4CVSS7.2AI score0.00556EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 2019/10/08 12:0 a.m.•37 views

PRODSECBUG-2418: SQL injection via marketing account with access to email templates variables

More info at https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update...

8.8CVSS7.2AI score0.01002EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702