CVE-2023-0789
published 2023-02-12CVE-2023-0789: Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
PriorityP352critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.66%
73.8th percentile
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpmyfaq | phpmyfaq | < 3.1.11 | 3.1.11 |
| thorsten | phpmyfaq | >= 0 < 3.1.11 | 3.1.11 |
| thorsten | thorsten_phpmyfaq | >= unspecified < 3.1.11 | 3.1.11 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Command Injection in thorsten/phpmyfaq
osv·2023-02-12
CVE-2023-0789 [CRITICAL] Command Injection in thorsten/phpmyfaq
Command Injection in thorsten/phpmyfaq
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
GHSA
Command Injection in thorsten/phpmyfaq
ghsa·2023-02-12
CVE-2023-0789 [CRITICAL] CWE-77 Command Injection in thorsten/phpmyfaq
Command Injection in thorsten/phpmyfaq
Command Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.11.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2023-52570 kernel: vfio/mdev: fault injection leading to NULL pointer dereference in mdev_unregister_parent()
bugzilla·2024-03-04·CVSS 5.5
CVE-2023-52570 [MEDIUM] CVE-2023-52570 kernel: vfio/mdev: fault injection leading to NULL pointer dereference in mdev_unregister_parent()
CVE-2023-52570 kernel: vfio/mdev: fault injection leading to NULL pointer dereference in mdev_unregister_parent()
In the Linux kernel, the following vulnerability has been resolved:
vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
The Linux kernel CVE team has assigned CVE-2023-52570 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024030255-CVE-2023-52570-0789@gregkh/T/#u
Discussion:
The result of automatic check (that is developed by Alexander Larkin) for this CVE-2023-52570 is: CHECK Maybe valid. Check manually. with impact LOW (that is an approximation based on flags KASAN DANGER NULLPTR INIT ; these flags parsed automatically based on patch data). Such automatic check happens only for Low/Moderates (and only when not from reporter, bu
Bugzilla
CVE-2023-51074 json-path: stack-based buffer overflow in Criteria.parse method
bugzilla·2023-12-28·CVSS 5.3
CVE-2023-51074 [MEDIUM] CVE-2023-51074 json-path: stack-based buffer overflow in Criteria.parse method
CVE-2023-51074 json-path: stack-based buffer overflow in Criteria.parse method
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
https://github.com/json-path/JsonPath/issues/973
Discussion:
Downgrading this flaw to Moderate impact, especially to match NVD CVSS and also our impact rating which, as explained in the statement section, there is a very specific scenario for this flaw to be explored.
---
This issue has been addressed in the following products:
RHBOAC camel-quarkus 3 (camel-4.0/quarkus-3.2)
Via RHSA-2024:0789 https://access.redhat.com/errata/RHSA-2024:0789
---
This issue has been addressed in the following products:
RHINT Camel-Springboot 3.20.5
Via RHSA-2024:0792 https://access.redhat.com/errata/RHSA-2024:0792
---
This iss
https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cbhttps://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5https://github.com/thorsten/phpmyfaq/commit/40515c74815ace394ab23c6c19cbb33fd49059cbhttps://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5https://huntr.com/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5
2023-02-12
Published