Missing input validation can lead to command execution in composer
The Composer method VcsDriver::getFileContent with user-controlled $file or $identifier arguments is susceptible to an argument injection vulnerability. It can be leveraged to gain arbitrary command execution if the Mercurial or the Git driver are used. This led to a vulnerability on Packagist.or...
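Argument injection is easy to miss because the usual defence, shell escaping, does not address it: git and hg still see the escaped token and parse it as an option. The following PHP is an added example, not Composer's code; the command shapes mirror the getFileContent calls described above, and the Mercurial payload assumes that hg honours --config wherever it appears on the command line (the class of payload this advisory is about). The check is structural: reject values that look like options, and terminate option parsing with "--" for positional arguments, noting where "--" cannot help.

```php
<?php
declare(strict_types=1);

// Added illustration, not Composer's own code. A VCS command assembled from a
// user-controlled identifier/file is an argument injection even with
// escapeshellarg(): the shell is satisfied, the VCS is not. The hardened
// builders reject option-looking values and end option parsing with "--"
// wherever the argument is positional.

final class VcsCommandBuilder
{
    /** Vulnerable shape: escaped, but an identifier starting with "-" reaches hg as an option. */
    public static function hgCatVulnerable(string $identifier, string $file): string
    {
        return sprintf('hg cat -r %s %s', escapeshellarg($identifier), escapeshellarg($file));
    }

    /** Vulnerable shape for git: "git show <identifier>:<file>". */
    public static function gitShowVulnerable(string $identifier, string $file): string
    {
        return sprintf('git show %s', escapeshellarg($identifier . ':' . $file));
    }

    /** Reject anything the VCS would parse as an option, plus control characters. */
    public static function assertNotOptionLike(string $value, string $what): void
    {
        if ($value === '' || $value[0] === '-') {
            throw new InvalidArgumentException("$what must not be empty or start with '-': $value");
        }
        if (preg_match('/[\x00-\x1f\x7f]/', $value) === 1) {
            throw new InvalidArgumentException("$what contains control characters");
        }
    }

    public static function hgCatHardened(string $identifier, string $file): string
    {
        self::assertNotOptionLike($identifier, 'identifier'); // value of -r: "--" cannot protect it
        self::assertNotOptionLike($file, 'file');
        return sprintf('hg cat -r %s -- %s', escapeshellarg($identifier), escapeshellarg($file));
    }

    public static function gitShowHardened(string $identifier, string $file): string
    {
        // "git show -- x" treats x as a path, not a revision, so the revision
        // argument can only be protected by validation, never by "--".
        self::assertNotOptionLike($identifier, 'identifier');
        self::assertNotOptionLike($file, 'file');
        return sprintf('git show %s', escapeshellarg($identifier . ':' . $file));
    }
}

// Constructed attacker-controlled identifier (assumption: Mercurial honours
// --config anywhere in argv, so this alias replaces "cat" with a shell command).
$hostile = '--config=alias.cat=!touch /tmp/pwned';

echo VcsCommandBuilder::hgCatVulnerable($hostile, 'composer.json'), PHP_EOL;
// hg cat -r '--config=alias.cat=!touch /tmp/pwned' 'composer.json'

foreach (['hgCatHardened', 'gitShowHardened'] as $builder) {
    try {
        echo VcsCommandBuilder::$builder($hostile, 'composer.json'), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "$builder rejected: ", $e->getMessage(), PHP_EOL;
    }
}
echo VcsCommandBuilder::gitShowHardened('v1.2.3', 'composer.json'), PHP_EOL;
// git show 'v1.2.3:composer.json'
```

The point to carry away is the comment on hgCatHardened: "--" only ends option parsing for what follows it, so a value that is itself the argument of an option (-r here, or git's revision) must be validated, not merely separated.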
Key/algorithm type confusion
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue e.g., RS256 / HS256 exists via the kid aka Key ID header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way t...
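The failure mode is that the key ring answers "which key?" from kid while the token's own alg header answers "how is it used?", so an RSA public key can be fed into HMAC. The PHP below is an added example and not firebase/php-jwt code (the 6.0 release addresses this by pairing each key with a single algorithm); it assumes the OpenSSL extension, and the key ids and ring layout are constructed for the demo. It builds the forged token from nothing but the public key, then shows a confused verifier accepting it and a bound verifier rejecting it.

```php
<?php
declare(strict_types=1);

// Added illustration, not firebase/php-jwt code. A minimal HS256/RS256
// verifier in two versions: the confused one selects a key by "kid" and then
// lets the token's "alg" decide how that key is used; the bound one stores
// the algorithm next to each key and refuses any token whose "alg" differs.
// Assumes the OpenSSL extension; key ids and the key-ring layout are ours.

function b64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

function b64urlDecode(string $text): string
{
    return (string) base64_decode(strtr($text, '-_', '+/'), true);
}

function signHs256(array $header, array $claims, string $secret): string
{
    $h = b64url(json_encode($header));
    $p = b64url(json_encode($claims));
    return "$h.$p." . b64url(hash_hmac('sha256', "$h.$p", $secret, true));
}

/** Returns [header, signingInput, signatureBytes, payloadJson] or null. */
function splitJwt(string $jwt): ?array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    [$h, $p, $s] = $parts;
    $header = json_decode(b64urlDecode($h), true);
    return is_array($header) ? [$header, "$h.$p", b64urlDecode($s), b64urlDecode($p)] : null;
}

function checkSignature(string $alg, string $key, string $input, string $sig): bool
{
    return match ($alg) {
        'HS256' => hash_equals(hash_hmac('sha256', $input, $key, true), $sig),
        'RS256' => openssl_verify($input, $sig, $key, OPENSSL_ALGO_SHA256) === 1,
        default => false,
    };
}

/** Vulnerable: $keyRing is kid => key material; the token header chooses the algorithm. */
function verifyConfused(string $jwt, array $keyRing): ?array
{
    if (($t = splitJwt($jwt)) === null) {
        return null;
    }
    [$header, $input, $sig, $payload] = $t;
    $key = $keyRing[$header['kid'] ?? ''] ?? null;
    if ($key === null || !checkSignature((string) ($header['alg'] ?? ''), $key, $input, $sig)) {
        return null;
    }
    return json_decode($payload, true);
}

/** Hardened: $keyRing is kid => ['alg' => ..., 'key' => ...]; a mismatching "alg" is rejected, never downgraded. */
function verifyBound(string $jwt, array $keyRing): ?array
{
    if (($t = splitJwt($jwt)) === null) {
        return null;
    }
    [$header, $input, $sig, $payload] = $t;
    $entry = $keyRing[$header['kid'] ?? ''] ?? null;
    if ($entry === null || ($header['alg'] ?? null) !== $entry['alg']) {
        return null;
    }
    if (!checkSignature($entry['alg'], $entry['key'], $input, $sig)) {
        return null;
    }
    return json_decode($payload, true);
}

// Constructed key ring: a fresh RSA pair (only its public half is in the ring) and an HMAC secret.
$rsa          = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$rsaPublicPem = openssl_pkey_get_details($rsa)['key'];
$hmacSecret   = random_bytes(32);

$confusedRing = ['rsa-2024' => $rsaPublicPem, 'hmac-api' => $hmacSecret];
$boundRing    = [
    'rsa-2024' => ['alg' => 'RS256', 'key' => $rsaPublicPem],
    'hmac-api' => ['alg' => 'HS256', 'key' => $hmacSecret],
];

// The forgery needs only the *public* RSA key: point "kid" at it, claim HS256,
// and HMAC the token with the PEM text as the shared secret.
$forged = signHs256(
    ['alg' => 'HS256', 'typ' => 'JWT', 'kid' => 'rsa-2024'],
    ['sub' => 'admin', 'exp' => time() + 600],
    $rsaPublicPem
);

var_dump(verifyConfused($forged, $confusedRing)['sub'] ?? null); // string(5) "admin": forgery accepted
var_dump(verifyBound($forged, $boundRing));                      // NULL: alg does not match the key's
```

Note that verifyBound does not fall back to "the algorithm the key supports"; a mismatch is a hard failure, because silently re-interpreting a token is exactly how confusion bugs survive a partial fix.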
Path Disclosure within joomla/filesystem class
More info at https://developer.joomla.org/security-centre/871-20220302-core-path-disclosure-within-filesystem-error-messages.html...
XSS within joomla/filter class
More info at https://developer.joomla.org/security-centre/877-20220308-core-inadequate-content-filtering-within-the-filter-code.html...
Path Traversal within joomla/archive tar class
More info at https://developer.joomla.org/security-centre/870-20220301-core-zip-slip-within-the-tar-extractor.html...
Variable Tampering within joomla/input class
More info at https://developer.joomla.org/security-centre/876-20220307-core-variable-tampering-on-jinput-request-data.html...
Remote code injection via remote fonts
Dompdf is an HTML to PDF converter. Dompdf before 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets CSS statement within an HTML input file...
Improper parsing of HTTP headers
Impact Improper header parsing. An attacker could sneak in a carriage return character \r and pass untrusted values in both the header names and values. Patches The issue is patched in 1.8.4 and 2.1.1. Workarounds There are no known workarounds. References...
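A lone carriage return is enough to inject a header line, and it has to be rejected in the name as well as the value, which is what the advisory above highlights. The PHP below is an added example, not guzzlehttp/psr7 code; it validates both halves against the RFC 7230 character rules and shows four constructed inputs, including the trap where "$" in a regex would wave through a value ending in "\n".

```php
<?php
declare(strict_types=1);

// Added illustration, not guzzlehttp/psr7 code. A header validator in the
// spirit of RFC 7230: a bare "\r" (or "\n", or NUL) inside a header name or
// value is what lets a caller smuggle extra header lines, so both halves of
// the pair are checked before anything is serialized.

final class HeaderGuard
{
    // RFC 7230 token characters for a field-name.
    private const NAME = '/\A[!#$%&\'*+\-.^_`|~0-9A-Za-z]+\z/';
    // field-value: HTAB, SP, visible ASCII and obs-text; CR, LF and NUL are excluded.
    // \z rather than $: in PCRE "$" also matches just before a trailing "\n",
    // which would let "text/html\n" pass.
    private const VALUE = '/\A[\x09\x20-\x7e\x80-\xff]*\z/';

    public static function isValidName(string $name): bool
    {
        return preg_match(self::NAME, $name) === 1;
    }

    public static function isValidValue(string $value): bool
    {
        return preg_match(self::VALUE, $value) === 1;
    }

    /** Returns "Name: value" or throws; a CR or LF never reaches the wire. */
    public static function line(string $name, string $value): string
    {
        if (!self::isValidName($name)) {
            throw new InvalidArgumentException('Invalid header name ' . json_encode($name));
        }
        if (!self::isValidValue($value)) {
            throw new InvalidArgumentException('Invalid value for ' . $name . ': ' . json_encode($value));
        }
        return $name . ': ' . $value;
    }
}

// Constructed inputs. The second smuggles a Set-Cookie line through a CR LF in
// the value; the third hides a lone CR in the *name*, which a value-only check misses.
$cases = [
    ['Location',          '/account'],
    ['Location',          "/account\r\nSet-Cookie: session=attacker"],
    ["X-Forwarded-For\r", '10.0.0.1'],
    ['Content-Type',      "text/html\n"],
];
foreach ($cases as [$name, $value]) {
    try {
        echo HeaderGuard::line($name, $value), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first case is emitted; the other three are rejected with the offending byte visible in the JSON-encoded message, which is also a useful shape for a log line.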
Path manipulation
matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. The issue was fixed in version 3.0.6. References https://nvd.nist.gov/vuln/detail/CVE-2021-43676 https://github.com/matyhtf/framework/issues/206 matyhtf/framework@2508460...
Server-Side Request Forgery (SSRF) and URL Redirection to Untrusted Site ('Open Redirect')
Impact On releases prior to 3.0.3, an attacker could craft a special HTML page to trigger either an open redirect attack or a Server-Side Request Forgery attack depending on how AllTube is configured. The impact is mitigated by the fact the SSRF attack is only possible when the stream option is...
Server-Side Request Forgery (SSRF)
Impact Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname. Patches 3.0.2 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Part of the fix requires applyi...
CVE-2022-24711: Remote CLI Command Execution Vulnerability in CodeIgniter4
Impact This vulnerability allows attackers to execute CLI routes via HTTP request. Patches Upgrade to v4.1.9 or later. Workarounds None. For more information If you have any questions or comments about this advisory: Open an issue in codeigniter4/CodeIgniter4 Email us at SECURITY.md...
CVE-2022-24712: Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Impact This vulnerability might allow remote attackers to bypass the CodeIgniter4 CSRF protection mechanism. Patches Upgrade to v4.1.9 or later. Workarounds These are workarounds for this vulnerability, but you will still need to code this way after upgrading to v4.1.9. Otherwise, the CSRF...
Multi-Factor Authentication issue in Laravel Fortify
Laravel Fortify before 1.11.1 allows a one-time code to be reused within a short time window, thus calling into question the "OT" part of the "TOTP" concept...
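A TOTP code is valid for the whole 30-second step (plus whatever clock drift the verifier tolerates), so "the code matched" is not the same as "the code has not been used". The PHP below is an added example, not Laravel Fortify code; it implements RFC 6238 code generation and a verifier that remembers, per user, the last time step it accepted, so a captured code cannot be replayed inside the window. The in-memory array standing in for persistent storage is a constructed placeholder.

```php
<?php
declare(strict_types=1);

// Added illustration, not Laravel Fortify code. RFC 6238 TOTP verification
// that records the last time step a code was accepted for, so the same code
// cannot be replayed inside the validity window (the "one-time" in TOTP).

final class TotpVerifier
{
    private const STEP   = 30;
    private const DIGITS = 6;
    private const DRIFT  = 1; // accept +/- one step of clock skew

    /** Constructed stand-in for per-user persistent storage: user id => last accepted step counter. */
    private array $lastUsedStep = [];

    public static function code(string $secret, int $step): string
    {
        $msg  = pack('J', $step);                       // 8-byte big-endian counter
        $hash = hash_hmac('sha1', $msg, $secret, true);
        $off  = ord($hash[19]) & 0x0f;                  // dynamic truncation
        $bin  = ((ord($hash[$off]) & 0x7f) << 24) | (ord($hash[$off + 1]) << 16)
              | (ord($hash[$off + 2]) << 8) | ord($hash[$off + 3]);
        return str_pad((string) ($bin % (10 ** self::DIGITS)), self::DIGITS, '0', STR_PAD_LEFT);
    }

    /** Vulnerable shape: a correct code inside the window is accepted every time it is presented. */
    public function verifyNoReplayCheck(string $secret, string $code, int $now): bool
    {
        $step = intdiv($now, self::STEP);
        for ($d = -self::DRIFT; $d <= self::DRIFT; $d++) {
            if (hash_equals(self::code($secret, $step + $d), $code)) {
                return true;
            }
        }
        return false;
    }

    /** Hardened: a code is valid only for a step counter newer than the last one accepted for this user. */
    public function verify(string $userId, string $secret, string $code, int $now): bool
    {
        $step = intdiv($now, self::STEP);
        $last = $this->lastUsedStep[$userId] ?? -1;
        for ($d = -self::DRIFT; $d <= self::DRIFT; $d++) {
            $candidate = $step + $d;
            if ($candidate <= $last) {
                continue;                                 // already consumed (or older): replay
            }
            if (hash_equals(self::code($secret, $candidate), $code)) {
                $this->lastUsedStep[$userId] = $candidate; // in real code, persist this before returning
                return true;
            }
        }
        return false;
    }
}

// Constructed demo: a shared secret and a fixed clock.
$secret = random_bytes(20);
$now    = 1_700_000_000;
$code   = TotpVerifier::code($secret, intdiv($now, 30));
$v      = new TotpVerifier();

var_dump($v->verifyNoReplayCheck($secret, $code, $now));     // bool(true)
var_dump($v->verifyNoReplayCheck($secret, $code, $now + 5)); // bool(true): replay accepted
var_dump($v->verify('alice', $secret, $code, $now));         // bool(true)
var_dump($v->verify('alice', $secret, $code, $now + 5));     // bool(false): replay rejected
var_dump($v->verify('alice', $secret, TotpVerifier::code($secret, intdiv($now, 30) + 1), $now + 30)); // bool(true)
```

The last-accepted counter must be written atomically alongside the check (a row lock or compare-and-set), otherwise two concurrent logins with the same captured code can both pass before either records it.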
URL Redirection to Untrusted Site ('Open Redirect')
Impact Releases prior to 3.0.1 are vulnerable to an open redirect vulnerability that allows an attacker to construct a URL that redirects to an arbitrary external domain. Patches 3.0.1 contains a fix for this vulnerability. The 1.x and 2.x releases are not maintained anymore. Referenc...
A cross-site scripting vulnerability
Impact SVG sanitizer library before version 0.15.0 did not remove HTML elements wrapped in a CDATA section. As a result, SVG content embedded in HTML fetched as text/html was susceptible to cross-site scripting. Plain SVG files fetched as image/svg+xml were not affected. Patches This...
Possible SQL injection in widget field value
Impact The currently selected widget values were not correctly sanitized before passing it to the database, leading to an SQL injection possibility. Patches The issue has been patched in tablelookupwizard version 3.3.5 and version 4.0.0. For more information If you have any questions ...
Disallow non closures in the sort filter
More info at https://symfony.com/blog/twig-security-release-disallow-non-closures-in-the-sort-filter...
CVE-2022-23601: CSRF token missing in forms
More info at https://symfony.com/cve-2022-23601...
CVE-2022-21715: XSS Vulnerability in API\ResponseTrait in CodeIgniter4
Impact A Cross-Site Scripting XSS vulnerability was found in API\ResponseTrait in CodeIgniter4. Attackers can perform XSS attacks if you are using API\ResponseTrait. Patches Upgrade to v4.1.8 or later. Workarounds Do one of the following: 1. Do not use API\ResponseTrait or ResourceController 2. Disable...
Possible RCE when rendering untrusted user templates
Fix CVE-2022-0323, possible RCE when rendering untrusted user templates, reported by @altm4n via huntr.dev. Improve compatibility with PHP 8.1...
Access to restricted PHP code by dynamic static class access
Impact Template authors could run restricted static PHP methods. Patches Please upgrade to 3.1.40 or higher. References See the documentation on Smarty security features on the staticclasses access filter. For more information If you have any questions or comments about this advisory please open ...
Sandbox Escape by math function
Impact Template authors could run arbitrary PHP code by crafting a malicious math string. If a math string is passed through as user-provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Patches Please upgrade to 4.0.2 or 3.1.42 or...
CVE-2022-21647: Deserialization of Untrusted Data in Codeigniter4
Impact Deserialization of Untrusted Data was found in the old() function in CodeIgniter4. Remote attackers may inject auto-loadable arbitrary objects with this vulnerability, and possibly execute existing PHP code on the server. We are aware of a working exploit, which can lead to SQL...
CVE-2022-38146 - URL XSS vulnerability due to outdated jquery in CMS
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38146...
CVE-2022-38147 - XSS via uploaded gpx file
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38147...
CVE-2022-38462 - Reflected XSS in querystring parameters
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38462...
CVE-2022-37430 - Stored XSS using uppercase characters in HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37430...
CVE-2022-38724 - XSS in shortcodes
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38724...
CVE-2022-38145 - Stored XSS in Compare Mode
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38145...
CVE-2022-37429 - Stored XSS using HTMLEditor
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37429...
CVE-2022-38148 - Blind SQL Injection via GridFieldSortableHeader
More info at https://www.silverstripe.org/download/security-releases/cve-2022-38148...
CVE-2022-37421 - Stored XSS in custom meta tags
More info at https://www.silverstripe.org/download/security-releases/cve-2022-37421...
Image upload bypass
By default Debian includes support for executing .phar files alongside .php and .phtml files, so .phar should be included in the blocked list. See: https://salsa.debian.org/php-team/php/-/blob/debian/main/7.4/debian/php-cgi.conf#L5-7 This should also be backported into all currently supported versions ...
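The lesson generalises beyond .phar: a deny-list of executable extensions encodes an assumption about the web server's handler mapping, and that assumption breaks per distribution and per configuration. The PHP below is an added example, not the affected project's code; the deny-list function reproduces the gap described above, and the allow-list alternative pins the whole filename shape and sniffs the bytes with getimagesizefromstring(), so the interpreter mapping stops mattering. The 1x1 PNG and the shell body are constructed inputs.

```php
<?php
declare(strict_types=1);

// Added illustration, not the affected project's code. A deny-list of
// "executable" extensions is only as good as its knowledge of the server:
// Debian's php-cgi configuration also runs .phar, so a list that stops at
// .php/.phtml lets shell.phar through. The allow-list below pins the full
// filename shape and checks the content, so the handler mapping is irrelevant.

final class ImageUploadPolicy
{
    private const ALLOWED = [
        'jpg'  => IMAGETYPE_JPEG,
        'jpeg' => IMAGETYPE_JPEG,
        'png'  => IMAGETYPE_PNG,
        'gif'  => IMAGETYPE_GIF,
    ];

    /** Deny-list shape (the bug): .phar, .php7, .phps ... are simply not on it. */
    public static function denyListRejects(string $filename): bool
    {
        $blocked = ['php', 'phtml', 'php3', 'php4', 'php5'];
        return in_array(strtolower(pathinfo($filename, PATHINFO_EXTENSION)), $blocked, true);
    }

    /**
     * Allow-list: a single dot, a short safe basename, a known image extension,
     * and the bytes must parse as exactly that image type. Anything else is
     * rejected, including "avatar.php.png"-style names and mismatched content.
     */
    public static function accept(string $filename, string $bytes): bool
    {
        if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.(jpe?g|png|gif)\z/i', $filename) !== 1) {
            return false;
        }
        $ext  = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        $info = @getimagesizefromstring($bytes);
        return $info !== false && $info[2] === self::ALLOWED[$ext];
    }
}

// Constructed samples: a 1x1 PNG and a PHP web-shell body.
$png   = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$shell = "<?php system(\$_GET['c']); ?>";

foreach (['shell.phar', 'shell.php', 'avatar.png', 'avatar.php.png'] as $name) {
    printf("%-16s deny-list blocks: %-5s  allow-list accepts shell bytes: %-5s  png bytes: %s\n",
        $name,
        var_export(ImageUploadPolicy::denyListRejects($name), true),
        var_export(ImageUploadPolicy::accept($name, $shell), true),
        var_export(ImageUploadPolicy::accept($name, $png), true));
}
// shell.phar: the deny-list does not block it; the allow-list rejects it for either payload.
// avatar.png: accepted only when the bytes really are a PNG.
```

Even with the allow-list, store uploads outside the document root (or in a location the PHP handler is not mapped to) and serve them with a fixed Content-Type; the filename check is one layer, not the only one.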
CVE-2021-41270: Prevent CSV Injection via formulas
More info at https://symfony.com/cve-2021-41270...
SQL Injection in Limit Clause Generation API
We have released a new version Doctrine DBAL 3.1.4 that fixes a critical SQL injection vulnerability in the LIMIT clause generation API provided by the Platform abstraction. We advise everyone using Doctrine DBAL 3.0.0 up to 3.1.3 to upgrade to 3.1.4 immediately. The vulnerability can happen when...
CVE-2021-41268: Remember me cookie persistence after password changes
More info at https://symfony.com/cve-2021-41268...
CVE-2021-41267: Webcache Poisoning via X-Forwarded-Prefix and sub-request
More info at https://symfony.com/cve-2021-41267...
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
More info at https://typo3.org/security/advisory/typo3-core-sa-2021-015...