Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•9 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•10 views

Laravel CRLF injection in default email rule

Summary A CRLF injection vulnerability in Laravel's email validation, in combination with how Symfony Mailer and Symfony Mime handle certain character sequences, may allow an unauthenticated attacker to interfere with outbound email processing in applications that send mail to user-supplied...

5.2AI score0.00048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

PHP Code Injection

phpWhois PHP Code Injection Vulnerability Overview phpWhois and some of its forks in versions before 5.1.0 are prone to a code injection vulnerability due to insufficient sanitization of returned WHOIS data. This allows attackers controlling the WHOIS information of a requested domain to execute...

9.8CVSS9.7AI score0.06195EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•57 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

Possible cross-site scripting (XSS) vulnerability in the Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

6.1CVSS5.8AI score0.00799EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•43 views

Insert tag injection in front end forms

More info at https://contao.org/en/security-advisories/insert-tag-injection-in-forms.html...

5.3CVSS7.2AI score0.00819EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•34 views

Cross-site scripting (XSS) vulnerability in the system log

More info at https://contao.org/en/security-advisories/cross-site-scripting-in-the-system-log-2021.html...

6.1CVSS7.2AI score0.0074EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•34 views

Cross site scripting via HTML attributes in the back end

More info at https://contao.org/en/security-advisories/cross-site-scripting-via-html-attributes-in-the-back-end.html...

4.8CVSS7.2AI score0.00557EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•11 views

Drupal core - Moderately critical - Third-party libraries - SA-CORE-2021-005

More info at https://www.drupal.org/sa-core-2021-005...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Privilege escalation with the form generator

More info at https://contao.org/en/security-advisories/privilege-escalation-with-the-form-generator.html...

8CVSS7.2AI score0.01023EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•14 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-013

More info at https://www.drupal.org/sa-core-2020-013...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•46 views

PHP file inclusion via insert tags

More info at https://contao.org/en/security-advisories/php-file-inclusion-via-insert-tags.html...

7.2CVSS7.2AI score0.01254EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/SA-CORE-2019-003...

8.1CVSS7.2AI score0.91919EPSS
Exploits22Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•22 views

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

8CVSS7.2AI score0.0213EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.

Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data...

9.8CVSS9.3AI score0.26172EPSS
Exploits7Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002

More info at https://www.drupal.org/sa-core-2020-002...

6.1CVSS7.2AI score0.00864EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•17 views

Moderately critical - Cross Site Scripting - SA-CORE-2019-004

More info at https://www.drupal.org/SA-CORE-2019-004...

5.4CVSS7.2AI score0.12408EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•21 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

More info at https://www.drupal.org/sa-core-2020-005...

9.3CVSS7.2AI score0.02978EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•13 views

Content moderation - Moderately critical - Access bypass

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•11 views

Content moderation - Moderately critical - Access bypass

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•9 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...

6.3CVSS6.1AI score0.04086EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•19 views

XSS vulnerability on contacts view

Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...

8.3CVSS6.7AI score0.00642EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•28 views

XSS vulnerability on asset view

Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

7.1CVSS5.7AI score0.00604EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Use token when logging out

More info at https://phabricator.wikimedia.org/T25227...

8.8CVSS7.2AI score0.00848EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•35 views

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

8.2CVSS7.3AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•7 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02395EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02694EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

5.8CVSS5.1AI score0.00345EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

8CVSS7.2AI score0.0213EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Critical - Arbitrary PHP code execution

More info at https://www.drupal.org/sa-core-2019-002...

9.8CVSS7.2AI score0.33228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/SA-CORE-2019-003...

8.1CVSS7.2AI score0.91919EPSS
Exploits22Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•10 views

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•32 views

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

7.5CVSS7.2AI score0.01203EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•22 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

More info at https://www.drupal.org/sa-core-2020-011...

7.5CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•37 views

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

More info at https://www.drupal.org/sa-core-2020-012...

8.8CVSS7.2AI score0.04269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•21 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

6.1CVSS7.2AI score0.00643EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•22 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Total number of security vulnerabilities1702