Security
Headlines
HeadlinesLatestCVEs

Tag

#php

CVE-2021-32649

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. Prior to versions 1.0.473 and 1.1.6, an attacker with "create, modify and delete website pages" privileges in the backend is able to execute PHP code by running specially crafted Twig code in the template markup. The issue has been patched in Build 473 (v1.0.473) and v1.1.6. Those unable to upgrade may apply the patch to their installation manually as a workaround.

CVE
Open in Source
#web#php#rce#auth
CVE-2022-23222: security - Linux Kernel eBPF Improper Input Validation Vulnerability

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

CVE-2022-22990: WDC-22002 My Cloud OS 5 Firmware 5.19.117 | Western Digital

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.

CVE-2021-23227: WordPress PHP Everywhere plugin <= 2.0.2 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.

CVE-2022-23134: [ZBX-20384] Possible view of the setup pages by unauthenticated users if config file already exists (CVE-2022-23134)

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.

CVE-2022-23116: security - Multiple vulnerabilities in Jenkins and Jenkins plugins

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

CVE-2021-29454: Merge pull request from GHSA-29gp-2c3m-3j6m · smarty-php/smarty@215d81a

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch.

CVE-2021-21408: Merge pull request from GHSA-4h9c-v5vg-5m6m · smarty-php/smarty@19ae410

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch.

CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor in follow-redirects

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

CVE-2021-24948: Give feedback and suggest new ideas for The Plus Addons for Elementor. Powered by FeedBear.

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts