Security
Headlines
HeadlinesLatestCVEs

Tag

#php

GHSA-gm98-g2wf-7c68: amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance

In artax version before 1.0.6 and 2 before 2.0.6, cookies of `foo.bar.example.com` were leaked to `foo.bar`. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the current domain, but not on any public suffixes.

ghsa
Open in Source
#vulnerability#git#php
GHSA-8jp9-mpv9-98rj: amphp/http-client Header leakage on cross-domain redirects

amphp/http-client has a security weakness that might leak sensitive request headers from the initial request to the redirected host on cross-domain redirects, which were not removed correctly. `Message::setHeaders` does not replace the entire set of headers, but only operates on the headers matching the given array keys.

GHSA-32rx-xvvr-4xv9: easyadmin-extension-bundle action case insensitivity

In alterphp/easyadmin-extension-bundle, role based access rules do not handle action name case sensitivity which may lead to unauthorized access.

GHSA-h63c-xvpf-264j: ADOdb SQL injection vulnerability

The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple drivers.

Cacti 1.2.26 Remote Code Execution

Cacti versions 1.2.26 and below suffer from a remote code execution execution vulnerability in import.php.

GHSA-36g8-62qv-5957: TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController

### Problem The `ShowImageController` (_eID tx_cms_showpic_) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. ### Solution Update to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described. #### ℹ️ **Strong security defaults - Manual actions required** The `frame` HTTP query parameter is now ignored, since it could not be used by core APIs. The new feature flag `security.frontend.allowInsecureFrameOptionInShowImageController` – which is disabled per default – can be used to reactivate the previous behavior. ### Credits Thanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team members Benjamin Mack and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-010]...

GHSA-fqw7-839j-hvxj: PHP Censor uses a weak hashing algorithm for the remember me key

php-censor v2.1.4 and fixed in v.2.1.5 was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to bruteforce to bruteforce the remember_key value to gain access to accounts that have checked "remember me" when logging in.

CrushFTP Directory Traversal

CrushFTP versions prior to 11.1.0 suffers from a directory traversal vulnerability.

Prison Management System Using PHP SQL Injection

Prison Management System Using PHP suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Panel.SmokeLoader MVID-2024-0682 Cross Site Request Forgery / Cross Site Scripting

Panel.SmokeLoader malware suffers from cross site request forgery, and cross site scripting vulnerabilities.