Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Remediation

References

CVE-2018-5712

Related Vulnerabilities

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)

WordPress Plugin Cart All In One For WooCommerce Cross-Site Request Forgery (1.1.10)

Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33510)

WordPress Plugin Conduit Banner 'banner-index-field-id' Parameter Cross-Site Scripting (0.2)

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

Severity

Medium

Classification

CVE-2018-5712 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities