Every CVE whose affected-product data names Apereo Phpcas, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2014-4172 — CVSS 9.8 (critical): A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client…
CVE-2017-1000071 — CVSS 8.1 (high): Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass in the validateCAS20 function when configured to authenticate against…
CVE-2022-39369 — CVSS 8.0 (high): phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Service (CAS)…
CVE-2010-3692 — CVSS 6.4 (medium): Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote…
CVE-2012-5583 — CVSS 5.8 (medium): phpCAS before 1.3.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName…
CVE-2012-1105 — CVSS 5.5 (medium): An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central…
CVE-2012-1104 — CVSS 5.3 (medium): A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.
CVE-2010-3690 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject…
CVE-2010-3691 — CVSS 3.3 (low): PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink…