Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2020-36655: Yii2 Gii Remote Code Execution

Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.

CVE
Open in Source
#vulnerability#web#git#php#rce
GHSA-xwhj-pqcg-8rcr: CakePHP vulnerable to Cross-site Scripting in some development error pages

CakePHP 3.4 prior to 3.4.14, 3.5 prior to 3.5.17, and 3.6 prior to 3.6.4 contains a cross-site-scripting (XSS) vulnerability in the development only `missing route` and `duplicate named route` error pages.

GHSA-p76f-wr22-4rv6: CakePHP vulnerable to Remote File Inclusion through View template name manipulation

CakePHP 2.x prior to 2.0.99, 2.1.99, 2.2.99, 2.3.99, 2.4.99, 2.5.99, 2.6.12, and 2.7.6 and 3.x prior to 3.0.15 and 3.1.4 is vulnerable to Remote File Inclusion through View template name manipulation.

GHSA-6hg4-vp5q-47mw: CakePHP allows direct access of prefixed controller actions

Unconventional URL paths would allow direct access to prefixed actions without setting the correct request parameters.

GHSA-q79m-c546-2g63: CakePHP vulnerable to Denial of Service attack through XML payloads

RequestHandlerComponent had a vulnerability that would allow well crafted requests to create a denial of service attack. RequestHandlerComponent leverages `Xml::build()` which allows reading local files. We recommend that all applications using RequestHandlerComponent upgrade, or disable parsing XML payloads.

GHSA-j9q2-f9q7-jhgq: CakePHP SecurityComponent cross form submission issue

Prior to versions 2.4.8 and 1.3.18, forms secured by SecurityComponent could be submitted to any action without triggering SecurityComponent’s tampering protection. If an application contained multiple POST forms to manipulate the same models, it could be vulnerable to mass assignment issues.

GHSA-829q-v5g8-hhxc: CakePHP has incorrect Cross-Site Request Forgery validation

CsrfComponent fails to invalidate requests that are missing both the CSRF token, and CSRF post data.

CVE-2023-24028: fix: [security] Prevent unauthorized access to decaying import function · MISP/MISP@93bf15d

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.

CVE-2023-23607: Unrestricted file upload leads to Remote Code Execution

erohtar/Dasherr is a dashboard for self-hosted services. In affected versions unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows for any file to uploaded to anywhere. If an attacker uploads a php file they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.

CVE-2023-23024: XSS in Book Store

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.