Debian Linux Security Advisory 5642-1 - Three security issues were discovered in php-svg-lib, a PHP library to read, parse and export to PDF SVG files, which could result in denial of service, restriction bypass or the execution of arbitrary code.
5e13068f973fafd73dbd6db137d7088337677e0ff95c185b8076cc2a7f0f192fGibbon LMS version 26.0.00 suffers from a PHP deserialization vulnerability that allows for authenticated remote code execution.
59928ae4eff1731c08c74e479a51ac4208ffe4eba4d4ff9a8f5158374bc15227Debian Linux Security Advisory 5632-1 - It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead to local privilege escalation or malicious code execution. Due to a technical issue this email was not sent on 2024-02-26 like it should have.
41b32f3945ea62d6717b9bcf3c2f3261d62077b5c247d91363fa5b2bd9022945MSMS-PHP version 1.0 suffers from a remote shell upload vulnerability.
06dd3743528c052502c13e65a54289e54ef53298ff6beb4c6ee8a4810bae36dfMSMS-PHP version 1.0 suffers from a remote SQL injection vulnerability.
07a4b17a4586262f742fb0c1fbec3bfb2ad51bbc7b9e70e96de453b70e201f61The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. Version 4.50 is affected.
8e2ee354af5fde39323dcb9b78bd8d0b892172400746b1b66015b3a87cbd8630Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customer_support/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020.
718d48eb7ca237f5f3ee83bb6118e210de87e3b83055bc4ece1ed2ad4b88e9d9Ubuntu Security Notice 6671-1 - It was discovered that php-nyholm-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use this issue to perform an HTTP header injection attack.
27772bf11ba58e6506ed22ecdca799a5cc5144ec12da1e50691c8a33285fc90dUbuntu Security Notice 6670-1 - It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an HTTP header injection attack.
f678a48ca90812aa9d2b76350886677e9b4c1db467f139d16a69adc2ef646f7cThis Metasploit module leverages CVE-2023-38836, an improper sanitization bug in BoidCMS versions 2.0.0 and below. BoidCMS allows the authenticated upload of a php file as media if the file has the GIF header, even if the file is a php file.
4be34ec34fdd2c459e03d46cbe61a319a411480ce0b82004ab5d83d8fcc669d1Ubuntu Security Notice 6305-2 - USN-6305-1 fixed several vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.
caacfeb4e539a353abe770f6325dbffce7919a619b169957ffad81b1917bb00bThis Metasploit exploit module leverages sql injection and local file inclusion vulnerabilities in Cacti versions prior to 1.2.26 to achieve remote code execution. Authentication is needed and the account must have access to the vulnerable PHP script (pollers.php). This is granted by setting the Sites/Devices/Data permission in the General Administration section.
b4ef67908324e2b53eac068bc36847b4c86d487875706d6d2339e053cc3970f0This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo() function on the login page of the target device, allowing to inspect the PHP configuration. This script also has the option to save the phpinfo() output to a file for further analysis.
56c0a0ad9dba5be91bcf88dbed7e2234e764bf5d6166e8250dfe5f1920543e02XenForo versions 2.2.13 and below suffer from a zip slip filename traversal vulnerability in ArchiveImport.php.
5deccbdac2cfe207ec995833b611569397b53b3acedb61fbd211edfe7bb16b0dVinchin Backup and Recovery versions 7.2 and below suffer from a command injection vulnerability in SystemHandler.class.php.
dc8db7a93b49f089a2c51bccac868cf579a7563c72b570b389665c44bbc72c33Red Hat Security Advisory 2024-0387-03 - An update for the php:8.1 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
9e341b2e86799d9ac8b07a6ec52cc960f726908e4657fdedf47b8b3de3a9fd76This Metasploit module exploits an unauthenticated remote command execution vulnerability in WordPress Backup Migration plugin versions 1.3.7 and below. The vulnerability is exploitable through the Content-Dir header which is sent to the /wp-content/plugins/backup-backup/includes/backup-heart.php endpoint. The exploit makes use of a neat technique called PHP Filter Chaining which allows an attacker to prepend bytes to a string by continuously chaining character encoding conversions. This allows an attacker to prepend a PHP payload to a string which gets evaluated by a require statement, which results in command execution.
1feecca12306422ebe993c3821d87be77ad3056e719f9dcbae7c033f156e447fUbuntu Security Notice 6550-1 - It was discovered that Smarty, that is integrated in the PostfixAdmin code, was not properly sanitizing user input when generating templates. An attacker could, through PHP injection, possibly use this issue to execute arbitrary code. It was discovered that Moment.js, that is integrated in the PostfixAdmin code, was using an inefficient parsing algorithm when processing date strings in the RFC 2822 standard. An attacker could possibly use this issue to cause a denial of service.
63590f2a95686afe65ce57bda6bffeb19c1b4db5f13381940d89cd04952491fdISPConfig versions 4.2.11 and below suffer from a PHP code injection vulnerability in language_edit.php.
d5776b6c39736c11bc5b6ee2bae4179fb341f58ff08665b96718f64ac8b63242This Metasploit module exploits a command injection vulnerability in MagnusBilling application versions 6.x and 7.x that allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. A piece of demonstration code is present in lib/icepay/icepay.php, with a call to an exec(). The parameter to exec() includes the GET parameter democ, which is controlled by the user and not properly sanitised/escaped. After successful exploitation, an unauthenticated user is able to execute arbitrary OS commands. The commands run with the privileges of the web server process, typically www-data or asterisk. At a minimum, this allows an attacker to compromise the billing system and its database.
62af9cc329c88e7f145a1675e178871c1a75c9da5de26c8c623bef2bde4a73c2phpFox versions 4.8.13 and below have an issue where user input passed through the "url" request parameter to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.
ee85170a47f6253886312ffd969da7bc6af218c972178b1c78103cec1ae79a03SugarCRM versions 13.0.1 and below suffer from a server-side template injection vulnerability in the GetControl action from the Import module. This issue can be leveraged to execute arbitrary php code.
482a650864ca894b028d96d1341d94b0fd22a59191625c172302fe115ad4deb5Ubuntu Security Notice 6199-2 - USN-6199-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information.
e46b12e2ae2685b34c9735991a469a71e79fcd955c1df600d8da3956401fe3d8Red Hat Security Advisory 2023-5927-01 - An update for the php:8.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
46c527bdcfb2145b61c0830ad98c9738174c2195ac8e1cd6200c84896fdfff5dRed Hat Security Advisory 2023-5926-01 - An update for php is now available for Red Hat Enterprise Linux 9. Issues addressed include a denial of service vulnerability.
f7b3d25853c407b0835193e19c69c5d5226d02c94935df3692d13b2fede8c6ec
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed