PHP - CVE CyberSecurity Database News (Page 80)

Apr 29, 2024 API PHP

CVE-2024-2757 - PHP 8.3 mb_encode_mimeheader Infinite Loop Bug Explained (with Exploit Example)

The world of programming languages is full of little surprises, but sometimes these surprises can turn into real threats. One recent example is CVE-2024-2757, a

Apr 29, 2024 CSRF XSS PHP PHP Group

CVE-2024-2756 - How Incomplete Fixes Lead to Cookie Confusion in PHP (With Exploit Details)

Sometimes, old vulnerabilities don’t stay buried. CVE-2024-2756 is a perfect example: it comes about because an earlier fix for CVE-2022-31629 wasn’t complete. This

Apr 29, 2024 Windows Exploit PHP PHP Group

CVE-2024-1874 - Command Injection in PHP's proc_open() Array Syntax – How Hackers Can Break Your Windows Server

There’s a dangerous bug discovered in some versions of PHP (CVE-2024-1874) that hides in plain sight—waiting for someone to push the wrong data

Apr 25, 2024 CSRF WordPress Exploit PHP wp-buy

CVE-2023-51484 - Breaking Down the Login as User or Customer (User Switching) WordPress Plugin Vulnerability

On modern content management systems like WordPress, plugins are vital for site functionality and customization. But when plugins have security issues, your site and data

Apr 24, 2024 XSS WordPress Exploit PHP Crocoblock JetFormBuilder

CVE-2023-48763 - How a Simple XSS Vulnerability in JetFormBuilder Left WordPress Sites Wide Open

Summary: CVE-2023-48763 is a Cross-Site Scripting (XSS) vulnerability found in Crocoblock’s JetFormBuilder plugin, affecting all versions up to 3.1.4 (no info about