Security
Headlines
HeadlinesLatestCVEs

Tag

#php

Xhibiter NFT Marketplace 1.10.2 Cross Site Scripting

Xhibiter NFT Marketplace version 1.10.2 suffers from a cross site scripting vulnerability.

Packet Storm
Open in Source
#xss#vulnerability#windows#google#php#auth#firefox
eStore CMS 2.0 SQL Injection

eStore CMS version 2.0 suffers from a remote SQL injection vulnerability.

Clenix 1.0 Insecure Direct Object Reference

Clenix version 1.0 suffers from an insecure direct object reference vulnerability.

Xenforo 2.2.15 Remote Code Execution

XenForo versions 2.2.15 and below suffer from a remote code execution vulnerability in the Template system.

XenForo 2.2.15 Cross Site Request Forgery

XenForo versions 2.2.15 and below suffer from a cross site request forgery vulnerability in Widget::actionSave.

GHSA-fg86-4c2r-7wxw: TorrentPier Deserialization of Untrusted Data vulnerability

### Summary In `torrentpier/library/includes/functions.php`, `get_tracks()` uses the unsafe native PHP serialization format to deserialize user-controlled cookies: https://github.com/torrentpier/torrentpier/blob/84f6c9f4a081d9ffff4c233098758280304bf50f/library/includes/functions.php#L41-L60 ### PoC One can use [`phpggc`](https://github.com/ambionics/phpggc/) and the chain `Guzzle/FW1` to write PHP code to an arbitrary file, and execute commands on the system. For instance, the cookie `bb_t` will be deserialized when browsing to `viewforum.php`.

Well-Established Cybercriminal Ecosystem Blooming in Iraq

A malicious Telegram bot is the key to a veritable flourishing garden of nefarious cybercriminal activity, which was discovered via a series of Python packages.

GHSA-875x-g8p7-5w27: The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames

### Summary The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. ### Details When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the `allowedCredentials` property in the assertion options response. This allows enumeration of valid or invalid usernames. #### Proposal how to resolve it: ``` return $this->publicKeyCredentialRequestOptionsFactory->create( $this->profile, count($allowedCredentials) <= 0 ? self::getRandomCredentials(): $allowedCredentials, $optionsRequest->userVerification, $extensions ); private static function getRandomCredentials(): array { $credentialSources = []; for ($i = 0; $i <= rand(0,1); $i++) { $credentialSources[] = new PublicKeyCredentialSource( random_bytes(32), "public-key", [], ...