1697 matches found

Friends Of PHP • added 2019/09/24 5:01 p.m. • 31 views

CVE-2019-16409: Secureassets and versionedfiles modules can expose versions of protected files

More info at https://www.silverstripe.org/download/security-releases/cve-2019-16409/...

CVSS 5.3 • AI score 7.2 • EPSS 0.01203
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/24 5:01 p.m. • 22 views

CVE-2019-12204: Missing warning on install.php on public webroot can lead to unauthenticated admin access

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12204/...

CVSS 9.8 • AI score 7.2 • EPSS 0.0146
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/24 4:51 p.m. • 13 views

CVE-2019-12203: Session fixation in "change password" form

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12203/...

CVSS 6.3 • AI score 7.2 • EPSS 0.0038
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/24 1:49 p.m. • 24 views

CVE-2019-12245: Incorrect access control vulnerability in files uploaded to protected folders

More info at https://www.silverstripe.org/download/security-releases/cve-2019-12245/...

CVSS 5.3 • AI score 7.2 • EPSS 0.01369
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/24 1:49 p.m. • 24 views

CVE-2020-9280: Folders migrated from 3.x may be unsafe to upload to

More info at https://www.silverstripe.org/download/security-releases/cve-2020-9280/...

CVSS 7.5 • AI score 7.2 • EPSS 0.01686
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/19 2:00 a.m. • 15 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents open_basedir in the request_init_hook. If you rely on the open_basedir INI directive, we highly recommend you upgrade to 0.30.2. Fixed: Shutdown span flushing blocking the process when forked 493; Memory access errors in cases when PHP code was run after extension...

AI score 0.4
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/19 2:00 a.m. • 16 views

Circumvents open_basedir INI directive

ADVISORY: This release circumvents open_basedir in the request_init_hook. If you rely on the open_basedir INI directive, we highly recommend you upgrade to 0.30.2. Fixed - Shutdown span flushing blocking the process when forked 493 - Memory access errors in cases when PHP code was run after extensi...

AI score 7.4
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/02 10:25 p.m. • 10 views

EZSA-2019-006 Rules to disable executable access are ignored on Platform.sh (eZ Cloud)

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-006-rules-to-disable-executable-access-are-ignored-on-platform.sh-ez-cloud...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/09/02 10:25 p.m. • 10 views

EZSA-2019-007 Prevent accepting app.php in URL in Platform.sh

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-007-prevent-accepting-app.php-in-url-in-platform.sh...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/08/15 7:16 p.m. • 25 views

Exposed suppressed username via Special:Redirect

More info at https://phabricator.wikimedia.org/T230402...

CVSS 5.3 • AI score 7.2 • EPSS 0.01768
Exploits: 1 • Affected Software: 1

Friends Of PHP • added 2019/07/16 4:24 p.m. • 13 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

CVSS 9.8 • AI score 7.2 • EPSS 0.01598
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/07/16 4:24 p.m. • 31 views

Critical - Access bypass

More info at https://www.drupal.org/sa-core-2019-008...

CVSS 9.8 • AI score 7.2 • EPSS 0.01598
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/07/08 12:27 p.m. • 14 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7, the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively bypassing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

AI score 4.5
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/07/08 12:27 p.m. • 10 views

Vulnerability to bypass two-factor authentication with unverified JWT trusted device token

Before version 3.7, the bundle is vulnerable to a security issue in JWT, which can be exploited by an attacker to generate trusted device cookies on their own, effectively bypassing two-factor authentication. Please either disable the trusted feature in your application or upgrade to a bundle...

AI score 6.9
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/07/04 12:28 p.m. • 27 views

EZSA-2019-005 Bundled jQuery affected by CVE-2019-11358

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-005-bundled-jquery-affected-by-cve-2019-11358...

CVSS 6.1 • AI score 9.7 • EPSS 0.87218
Exploits: 4 • Affected Software: 1

Friends Of PHP • added 2019/07/01 12:55 p.m. • 32 views

XXE Vulnerability

This is: - a bugfix - a new feature - X security Checklist: - X Changes are covered by unit tests - X Code style is respected - X Commit message explains why the change is made see https://github.com/erlang/otp/wiki/Writing-good-commit-messages - X CHANGELOG.md contains a short summary of the...

CVSS 8.8 • AI score 8.7 • EPSS 0.0135
Exploits: 1 • Affected Software: 1

Friends Of PHP • added 2019/06/27 12:00 a.m. • 8 views

EZSA-2019-004 CSRF token in login form is disabled by default

More info at https://share.ez.no/community-project/security-advisories/ezsa-2019-004-csrf-token-in-login-form-is-disabled-by-default...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:40 a.m. • 13 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:40 a.m. • 15 views

Broken Access Control in Import Module

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-017...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:40 a.m. • 31 views

Possible deserialization side-effects in symfony/cache

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-016...

CVSS 7.1 • AI score 7.2 • EPSS 0.02302
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:40 a.m. • 31 views

Possible deserialization side-effects in symfony/cache

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-016...

CVSS 7.1 • AI score 7.2 • EPSS 0.02302
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 26 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...

CVSS 8.8 • AI score 7.2 • EPSS 0.01525
Exploits: 1 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 30 views

Insecure Deserialization in TYPO3 CMS

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-020...

CVSS 8.8 • AI score 7.2 • EPSS 0.01525
Exploits: 1 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 13 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 11 views

Arbitrary Code Execution and Cross-Site Scripting in Backend API

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-019...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 12 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:39 a.m. • 36 views

Security Misconfiguration in Frontend Session Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-018...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:38 a.m. • 22 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

CVSS 6.1 • AI score 7.2 • EPSS 0.00685
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:38 a.m. • 22 views

Cross-Site Scripting in Link Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-015...

CVSS 6.1 • AI score 7.2 • EPSS 0.00685
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:38 a.m. • 9 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 6:38 a.m. • 9 views

Information Disclosure in Backend User Interface

More info at https://typo3.org/security/advisory/typo3-core-sa-2019-014...

AI score 7.2
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 12 views

PRODSECBUG-2429: Insecure object reference via customer REST API

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 7.5 • AI score 7.2 • EPSS 0.02161
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 18 views

PRODSECBUG-2296: Arbitrary code execution through design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 7.2 • AI score 7.2 • EPSS 0.01921
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 45 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.4 • AI score 7.2 • EPSS 0.00566
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 33 views

PRODSECBUG-2371: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 24 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.4 • AI score 7.2 • EPSS 0.00566
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 22 views

PRODSECBUG-2363: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 38 views

PRODSECBUG-2369: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 37 views

PRODSECBUG-2369: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 33 views

PRODSECBUG-2371: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 42 views

PRODSECBUG-2378: Stored cross-site scripting in the Return Product comments feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.4 • AI score 7.2 • EPSS 0.00566
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 30 views

PRODSECBUG-2387: Cross site request forgery attacks are possible via the gift card removal feature

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

CVSS 6.5 • AI score 7.2 • EPSS 0.00439
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 27 views

PRODSECBUG-2380: Stored cross-site scripting in the Currency Symbols field

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 5.4 • AI score 7.2 • EPSS 0.00566
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 36 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

CVSS 7.5 • AI score 7.2 • EPSS 0.01151
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 29 views

PRODSECBUG-2226: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 27 views

PRODSECBUG-2095: Defense-in-depth session validation check implemented

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33...

CVSS 7.5 • AI score 7.2 • EPSS 0.01151
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 18 views

PRODSECBUG-2353: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 14 views

PRODSECBUG-2366: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 11 views

PRODSECBUG-2364: Stored cross-site scripting in the admin panel

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 4.8 • AI score 7.2 • EPSS 0.00557
Exploits: 0 • Affected Software: 1

Friends Of PHP • added 2019/06/25 12:00 a.m. • 23 views

PRODSECBUG-2351: Arbitrary code execution via crafted sitemap creation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

CVSS 7.2 • AI score 7.2 • EPSS 0.02413
Exploits: 0 • Affected Software: 1

Total number of security vulnerabilities: 1697