Recent vulnerabilities and exploits

NA
CVE-2019-12246

PHP Security Advisories Database: The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues; it is not authoritative for any...

7.5
CVSSv2
CVE-2015-5243

phpWhois allows remote attackers to execute arbitrary code via a crafted whois record....

Phpwhois
7.5
CVSSv2
CVE-2016-10074

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1)...

Swiftmailer
7.5
CVSSv2
CVE-2019-9194

elFinder before 2.1.48 has a command injection vulnerability in the PHP connector....

Std42 Elfinder
5
CVSSv2
CVE-2018-13982

Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read...

Smarty
7.5
CVSSv2
CVE-2018-17057

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper....

Limesurvey
7.5
CVSSv2
CVE-2017-9841

Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external...

Phpunit Project Phpunit
NA
CVE-2015-8371

PHP Security Advisories Database: The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues; it is not authoritative for any...

6.8
CVSSv2
CVE-2018-19277

securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file...

Phpspreadsheet Project Phpspreadsheet
NA
CVE-2019-12186

PHP Security Advisories Database: The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries. This database must not serve as the primary source of information for security issues; it is not authoritative for any...