Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

HTML-output filters in twig/* extras incorrectly declared `is_safe => ['all']`

More info at https://symfony.com/cve-2026-46637...

5.8AI score0.0006EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.34 views

Denial of Service via HTTP/2 CONTINUATION Frames

Early versions of amphp/http-client with HTTP/2 support v4.0.0-rc10 to 4.0.0 will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. Later versions of amphp/http-client v4.1.0-rc1...

8.2CVSS7.8AI score0.83244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

Denial of Service via HTTP/2 CONTINUATION Frames

amphp/http will collect HTTP/2 CONTINUATION frames in an unbounded buffer and will not check the header size limit until it has received the ENDHEADERS flag, resulting in an OOM crash. amphp/http-client and amphp/http-server are indirectly affected if they're used with an unpatched version of...

8.2CVSS7.8AI score0.83244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

8.7CVSS7.2AI score0.00747EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

Code injection vulnerability in allSelectors()

More info at https://packetstormsecurity.com/files/cve/CVE-2020-13756...

9.8CVSS7.2AI score0.55084EPSS
Exploits4Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Filter input to avoid XPath injection

Filter input for its use in XPath expressions In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white...

6.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.30 views

Moderately critical - Cross Site Scripting

More info at https://www.drupal.org/sa-core-2018-003...

6.1CVSS9.7AI score0.0178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.34 views

Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

More info at https://www.drupal.org/sa-core-2019-005...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.30 views

Drupal core - Moderately critical - Multiple Vulnerabilities - SA-CORE-2019-005

More info at https://www.drupal.org/sa-core-2019-005...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.45 views

Critical - Arbitrary PHP code execution

More info at https://www.drupal.org/sa-core-2019-002...

9.8CVSS7.2AI score0.33228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.15 views

XSS in various backend modules

More info at https://www.neos.io/blog/xss-in-various-backend-modules.html...

5.4CVSS7.2AI score0.00564EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.19 views

Padding Oracle Vulnerability in RSA Encryption

Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...

6.8AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.38 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1CVSS7.2AI score0.00959EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.39 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

More info at https://www.drupal.org/sa-core-2020-002...

6.1CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

9.8CVSS7.2AI score0.01275EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.23 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.27 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2020-009

More info at https://www.drupal.org/sa-core-2020-009...

6.1CVSS7.2AI score0.00681EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.25 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

6.1CVSS7.2AI score0.00643EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.22 views

Mautic core - Moderately Critical - XSS vulnerability when creating/editing a company

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.20 views

Timing attack vector for remember me token

The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...

5.9CVSS5.4AI score0.01193EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

6.1CVSS5.8AI score0.00799EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.11 views

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

5.2AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.28 views

Use of a Broken or Risky Cryptographic Algorithm

✍️ Description The function mtrand is used to generate session tokens, this function is cryptographically flawed due to its nature being one pseudorandomness, an attacker can take advantage of the cryptographically insecure nature of this function to enumerate session tokens for accounts that are...

3.5CVSS3.9AI score0.00458EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Password reset phishing vulnerability

More info at https://laravel.com/docs/5.4/releaseslaravel-5.4.22...

6.1CVSS7.2AI score0.00959EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.20 views

TOTP throttle not enforced cross-wiki

More info at https://phabricator.wikimedia.org/T251661...

7.5CVSS7.2AI score0.01752EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Stored XSS on first/last name during setup

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Stored XSS in tags autocomplete dropdown

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.42 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

6.1CVSS5.9AI score0.01244EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.36 views

Unauthenticated crypto and weak IV in Magento\Framework\Encryption

More info at http://www.openwall.com/lists/oss-security/2016/07/19/3...

7.5CVSS7.2AI score0.00846EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.60 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Tabnabbing when opening URI with menu "Open URI in a new tab"

More info at https://www.passbolt.com/incidents/20190807multiplevulnerabilities...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009

More info at https://www.drupal.org/sa-core-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Drupal core - Moderately critical - Denial of Service - SA-CORE-2019-009

More info at https://www.drupal.org/sa-core-2019-009...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

More info at https://www.drupal.org/sa-core-2019-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.41 views

SQL injection vulnerabililty in the file manager search filter

More info at https://contao.org/en/news/security-vulnerability-cve-2019-11512.html...

9.8CVSS7.2AI score0.01462EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011

More info at https://www.drupal.org/sa-core-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.13 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2019-011

More info at https://www.drupal.org/sa-core-2019-011...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.41 views

Information disclosure in the back end

More info at https://contao.org/en/security-advisories/information-disclosure-in-the-back-end.html...

5.3CVSS7.2AI score0.0088EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012

More info at https://www.drupal.org/sa-core-2019-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.14 views

Drupal core - Moderately critical - Third-party library - SA-CORE-2020-001

More info at https://www.drupal.org/sa-core-2020-001...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.7 views

Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2019-010

More info at https://www.drupal.org/sa-core-2019-010...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.35 views

PHPMemcachedAdmin Path Traversal vulnerability

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6026...

9.8CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.56 views

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding

More info at https://nvd.nist.gov/vuln/detail/CVE-2023-6027...

6.1CVSS7.2AI score0.00406EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.16 views

Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2019-012

More info at https://www.drupal.org/sa-core-2019-012...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.36 views

Unrestricted file uploads

More info at https://contao.org/en/security-advisories/unrestricted-file-uploads.html...

8.8CVSS7.2AI score0.01108EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.9 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.10 views

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

5.2AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.18 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1702