CVE-2022-40797: debian/php-cgi.conf · dc253886b5b2e9bc8d9e36db787abb083a667fd8 · Debian PHP Team / php · GitLab

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)


Ondrej Sury authored May 04, 2017

The default file extension configuration has been changed to add .phar and remove (some) obsolete extensions
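The gap described above, where an upload denylist and the web server's PHP handler rule disagree about which extensions are executable, can be audited mechanically. The following is an added example, not code from Roxy Fileman or the Debian package; the space-separated form of `FORBIDDEN_UPLOADS`, the handler pattern, the candidate list and the allowlist are constructed assumptions.

```python
import re

# Constructed sample inputs (assumptions, not copied from either project):
# the denylist holds the three extensions the CVE description names, and the
# pattern stands in for a server rule that hands matching names to PHP.
FORBIDDEN_UPLOADS = "php php4 php5"
PHP_HANDLER_PATTERN = r".+\.ph(ar|p|tml)$"
CANDIDATE_EXTENSIONS = ["php", "php4", "php5", "phar", "phtml", "jpg", "txt"]


def upload_blocked(filename, forbidden=FORBIDDEN_UPLOADS):
    """Denylist check: block only when the final extension is listed."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in forbidden.lower().split()


def server_executes(filename, pattern=PHP_HANDLER_PATTERN):
    """True when the handler rule would pass this name to the interpreter."""
    return re.match(pattern, filename) is not None


def denylist_gaps(extensions, forbidden, pattern):
    """Extensions the server would execute but the upload filter lets through."""
    gaps = []
    for ext in extensions:
        name = "upload." + ext
        if server_executes(name, pattern) and not upload_blocked(name, forbidden):
            gaps.append(ext)
    return gaps


def upload_allowed(filename, allowed=("jpg", "png", "gif", "pdf", "txt")):
    """Allowlist alternative: exactly one extension, and it must be known."""
    parts = filename.lower().split(".")
    return len(parts) == 2 and parts[0] != "" and parts[1] in allowed


if __name__ == "__main__":
    print("gaps:", denylist_gaps(CANDIDATE_EXTENSIONS, FORBIDDEN_UPLOADS,
                                 PHP_HANDLER_PATTERN))
```

An empty result from `denylist_gaps` only covers the extensions listed as candidates, so the allowlist check is the sturdier control; serving the upload directory with script handling disabled removes the dependency on either list.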

Related news

Roxy Fileman 1.4.6 Remote Shell Upload

Roxy Fileman versions 1.4.6 and below remote shell upload proof of concept exploit.
