Ubuntu Security Notice 5479-2 - USN-5479-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 ESM. Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2022-5491-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow and privilege escalation vulnerabilities.
Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode() function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more.
Red Hat Security Advisory 2022-5467-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-5471-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2022-5468-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a buffer overflow vulnerability.
Ubuntu Security Notice 5479-1 - Charles Fol discovered that PHP incorrectly handled initializing certain arrays when handling the pg_query_params function. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code. Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A remote attacker could use this issue to cause PHP to crash, resulting in a denial of service, or possibly execute arbitrary code.
This Metasploit module exploits an improper input validation vulnerability in MyBB versions prior to 1.8.30 to execute arbitrary code in the context of the user running the application. The MyBB Admin Control setting page calls the PHP eval function with unsanitized user input. The exploit adds a new setting, injecting the payload in the vulnerable field, and triggers its execution with a second request. Finally, it takes care of cleaning up and removes the setting. Note that authentication is required for this exploit to work and the account must have rights to add or update settings (typically, the MyBB administrator role).
Debian Linux Security Advisory 5151-1 - Several security vulnerabilities have been discovered in smarty3, the compiling PHP template engine. Template authors are able to run restricted static PHP methods or even arbitrary PHP code by crafting a malicious math string or by choosing an invalid {block} or {include} file name. If a math string was passed through as user-provided data to the math function, remote users were able to run arbitrary PHP code as well.
Red Hat Security Advisory 2022-1935-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, privilege escalation, and server-side request forgery vulnerabilities.
WordPress Booking Calendar plugin versions 9.1 and below suffer from PHP object injection and insecure deserialization vulnerabilities.
SAP Information System version 1.0.0 suffers from an improper authentication vulnerability that allows a malicious user to create an administrative account without needing to authenticate. The POST request is sent to the /SAP_Information_System/controllers/add_admin.php endpoint. The problem occurs due to lack of session verification in the request.
Online Sports Complex Booking System version 1.0 suffers from a remote blind SQL injection vulnerability in Users.php. This issue is similar to the one discovered by Saud Alenazi in March of 2022 but affects a different file.
Roxy File Manager version 1.4.5 proof of concept exploit for a PHP file upload restriction bypass vulnerability.
When the filter_var function is used in conjunction with the flags FILTER_VALIDATE_DOMAIN and FILTER_FLAG_HOSTNAME, there is a vulnerability in PHP that allows the filter to be bypassed. A patch has been included by the researcher as the PHP security team seems to have ignored this concern.
Debian Linux Security Advisory 5101-1 - Emmet Leahy reported that libphp-adodb, a PHP database abstraction layer library, allows values to be injected into a PostgreSQL connection string. Depending on how the library is used, this flaw can result in authentication bypass, reveal a server IP address, or have other unspecified impact.
Debian Linux Security Advisory 5107-1 - Marlon Starkloff discovered that twig, a template engine for PHP, did not correctly enforce sandboxing. This would allow a malicious user to execute arbitrary code.
ImpressCMS versions 1.4.2 and below pre-authentication SQL injection to remote code execution exploit. User input passed through the "groups" POST parameter to the /include/findusers.php script is not properly sanitized before being passed to the icms_member_Handler::getUserCountByGroupLink() and icms_member_Handler::getUsersByGroupLink() methods. These methods use the first argument to construct a SQL query without proper validation, and this can be exploited by remote attackers to e.g. read sensitive data from the "users" database table through boolean-based SQL injection attacks. The application uses PDO as a database driver, which allows for stacked SQL queries; as such, this vulnerability could be exploited to e.g. create a new admin user and execute arbitrary PHP code.
Ubuntu Security Notice 5300-3 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 21.10. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.
Ubuntu Security Notice 5300-2 - USN-5300-1 fixed vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.
Debian Linux Security Advisory 5082-1 - Two security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in information disclosure or denial of service.
Ubuntu Security Notice 5303-1 - It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service, or possibly execute arbitrary code.
Ubuntu Security Notice 5300-1 - It was discovered that PHP incorrectly handled certain scripts. An attacker could possibly use this issue to cause a denial of service. It was discovered that PHP incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service, or possibly obtain sensitive information. It was discovered that PHP incorrectly handled certain scripts with XML parsing functions. An attacker could possibly use this issue to obtain sensitive information.
This Metasploit module exploits a path traversal issue in Nagios XI before version 5.8.5. The path traversal allows a remote and authenticated administrator to upload a PHP web shell and execute code as www-data. The module achieves this by creating an autodiscovery job with an id field containing a path traversal to a writable and remotely accessible directory, and custom_ports field containing the web shell. A cron file will be created using the chosen path and file name, and the web shell is embedded in the file. After the web shell has been written to the victim, this module will then use the web shell to establish a Meterpreter session or a reverse shell. By default, the web shell is deleted by the module, and the autodiscovery job is removed as well.
PHP Everywhere versions 2.0.3 and below suffer from multiple remote code execution vulnerabilities.