Lucene search
K
FriendsofphpRecent

1702 matches found

Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•21 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

More info at https://www.drupal.org/sa-core-2020-005...

9.3CVSS7.2AI score0.02978EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•13 views

Content moderation - Moderately critical - Access bypass

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•11 views

Content moderation - Moderately critical - Access bypass

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•41 views

Existing sessions are not correctly invalidated when a user changes their password

More info at https://contao.org/en/news/security-vulnerability-cve-2019-10641.html...

9.8CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•9 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

XSS vulnerability on password reset page

Impact For Mautic versions prior to 3.3.4, there is an XSS vulnerability on Mautic's password reset page where a vulnerable parameter, "bundle," in the URL could allow an attacker to execute Javascript code. The attacker would be required to convince or trick the target into clicking a password...

6.3CVSS6.1AI score0.04086EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•19 views

XSS vulnerability on contacts view

Impact Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack through the contact's first or last name and triggered when viewing a contact's details page then clicking on the action drop down and hovering over the Campaigns button. Contact first and last name can be populat...

8.3CVSS6.7AI score0.00642EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•28 views

XSS vulnerability on asset view

Impact Mautic versions before 3.3.4 / 4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. Patch...

7.1CVSS5.7AI score0.00604EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Use token when logging out

More info at https://phabricator.wikimedia.org/T25227...

8.8CVSS7.2AI score0.00848EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•35 views

Stored XSS vulnerability on Bounce Management Callback

Impact Insufficient sanitization / filtering allows for arbitrary JavaScript Injection in Mautic using the bounce management callback function. The values submitted in the "error" and "errorrelatedto" parameters of the POST request of the bounce management callback will be permanently stored and...

8.2CVSS7.3AI score0.00699EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•7 views

Exploit of encryption failure vulnerability

More info at https://medium.com/@taylorotwell/laravel-security-release-5-6-15-and-5-5-40-56f1257933a0...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•18 views

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02395EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Mautic core - Highly Critical - XSS vulnerability leveraged through referrers could allow un-authorized admin access

More info at https://www.mautic.org/blog/community/security-release-all-versions-mautic-prior-2-16-5-and-3-2-4...

9.6CVSS7.2AI score0.02694EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Secret data exfiltration via symfony parameters

Impact Symfony parameters which is what Mautic transforms configuration parameters into can be used within other Symfony parameters by design. However, this also means that an admin who is normally not privy to certain parameters, such as database credentials, could expose them by leveraging any ...

5.8CVSS5.1AI score0.00345EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Moderately critical - Cross Site Scripting

More info at https://www.drupal.org/sa-core-2018-003...

6.1CVSS9.7AI score0.0178EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Critical - Third Party Libraries

More info at https://www.drupal.org/sa-core-2019-001...

8CVSS7.2AI score0.0213EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Moderately critical - Third-party libraries - SA-CORE-2019-007

More info at https://www.drupal.org/SA-CORE-2019-007...

9.8CVSS7.2AI score0.05586EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Critical - Arbitrary PHP code execution

More info at https://www.drupal.org/sa-core-2019-002...

9.8CVSS7.2AI score0.33228EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•39 views

Highly critical - Remote Code Execution

More info at https://www.drupal.org/SA-CORE-2019-003...

8.1CVSS7.2AI score0.91919EPSS
Exploits22Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•24 views

Drupal core - Critical - Cross Site Request Forgery - SA-CORE-2020-004

More info at https://www.drupal.org/sa-core-2020-004...

8.8CVSS7.2AI score0.00695EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•10 views

SQL Server LIMIT / OFFSET SQL Injection

Impact Those using SQL Server with Laravel and allowing user input to be passed directly to the limit and offset functions are vulnerable to SQL injection. Other database drivers such as MySQL and Postgres are not affected by this vulnerability. Patches This problem has been patched on Laravel...

7.9AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•32 views

Guard bypass in Eloquent models

More info at https://blog.laravel.com/security-release-laravel-61834-7232...

7.5CVSS7.2AI score0.01203EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•22 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

More info at https://www.drupal.org/sa-core-2020-011...

7.5CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•37 views

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

More info at https://www.drupal.org/sa-core-2020-012...

8.8CVSS7.2AI score0.04269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•21 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-010

More info at https://www.drupal.org/sa-core-2020-010...

6.1CVSS7.2AI score0.00643EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•22 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-002

More info at https://www.drupal.org/sa-core-2021-002...

6.1CVSS7.2AI score0.00671EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2020-007

More info at https://www.drupal.org/sa-core-2020-007...

6.1CVSS7.2AI score0.02925EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•20 views

Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2020-005

More info at https://www.drupal.org/sa-core-2020-005...

9.3CVSS7.2AI score0.02978EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•25 views

Drupal core - Moderately critical - Access bypass - SA-CORE-2020-008

More info at https://www.drupal.org/sa-core-2020-008...

5.3CVSS7.2AI score0.00928EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Less critical - Access bypass - SA-CORE-2020-006

More info at https://www.drupal.org/sa-core-2020-006...

9.8CVSS7.2AI score0.01275EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•16 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

More info at https://www.drupal.org/sa-core-2021-003...

6.1CVSS7.2AI score0.03189EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Cookie serialization vulnerability

More info at https://laravel.com/docs/5.6/upgradeupgrade-5.6.30...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

RCE vulnerability in "cookie" session driver

More info at https://blog.laravel.com/laravel-cookie-security-releases...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•29 views

Drupal core - Critical - Cross-site scripting - SA-CORE-2021-003

More info at https://www.drupal.org/sa-core-2021-003...

6.1CVSS7.2AI score0.03189EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

Drupal core - Moderately critical - Information disclosure - SA-CORE-2020-011

More info at https://www.drupal.org/sa-core-2020-011...

7.5CVSS7.2AI score0.01106EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•30 views

Drupal core - Critical - Remote code execution - SA-CORE-2020-012

More info at https://www.drupal.org/sa-core-2020-012...

8.8CVSS7.2AI score0.04269EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•12 views

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•10 views

Injection in DefaultMailSystem::mail() - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•10 views

Contextual Links validation - Critical - Remote Code Execution

More info at https://www.drupal.org/sa-core-2018-006...

7.2AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•70 views

Class-Name Injection

Tested on 1.8.0-beta-5 In safe mode with html markup disabled, it is possible to insert any classname into a code block like this: \js any-class-name with spaces code \ renders as: code infostring needs some cleanup here:...

8.1CVSS8AI score0.01469EPSS
Exploits1Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•23 views

CVE-2019-10911: Add a separator in the remember me cookie hash

More info at https://symfony.com/cve-2019-10911...

7.5CVSS7.2AI score0.01243EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•26 views

CVE-2018-14773: Remove support for legacy and risky HTTP headers

More info at https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers...

6.5CVSS7.2AI score0.58061EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•31 views

CVE-2019-10909: Escape validation messages in the PHP templating engine

More info at https://symfony.com/cve-2019-10909...

5.4CVSS7.2AI score0.01048EPSS
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
•added 1970/01/01 12:0 a.m.•27 views

CVE-2019-10910: Check service IDs are valid

More info at https://symfony.com/cve-2019-10910...

9.8CVSS7.2AI score0.0595EPSS
Exploits1Affected Software1
Total number of security vulnerabilities1702