3 matches found
CVE-2023-49283
The CVE-2023-49283 issue affects the Microsoft Graph Core PHP SDK (vendor/microsoft/microsoft-graph-core) where test code in GetPhpInfo.php calls phpinfo(), enabling information disclosure if the server misconfigures access to the vendor directory. Affected: Microsoft Graph Core PHP SDK prior to ...
CVE-2023-49282
The CVE-2023-49282 issue affects the Microsoft Graph PHP SDK (msgraph-sdk-php) where test code GetPhpInfo.php invokes phpinfo(), exposing system configuration and environment details if the server misconfigures access (e.g., /vendor). Affected versions were patched in 1.109.1 and 2.0.0-RC5. Remed...
CVE-2026-47655
CVE-2026-47655 describes an information-disclosure vulnerability in Microsoft Graph. An authorized attacker could disclose sensitive data over a network due to a root cause that enables exposure to an attacker with Network access, Low complexity and Low privileges, with no user interaction. The C...