WS-2018-0030 | Mend Vulnerability Database

Vulnerability DatabaseWS-2018-0030

WS-2018-0030

Published:May 14, 2026

Updated:May 14, 2026

Escape base directory name when building shell command in PHP_CodeSniffer through version 3.0.0

Affected Packages

phpui/hom-php (PHP):

Affected version(s) >=v1.0 <=v1.2

Fix Suggestion:

Update to version no_fix

everton3x/hom-php (PHP):

Affected version(s) >=v1.0 <=v1.2

Fix Suggestion:

Update to version no_fix

astinus/php_codesniffer (PHP):

Affected version(s) =dev-3.0.0.x-dev <3.0.0.1

Fix Suggestion:

Update to version 3.0.0.1

litepubl/cms (PHP):

Affected version(s) =7.08.0 <v7.08

Fix Suggestion:

Update to version v7.08

Related Resources (3)

https://github.com/squizlabs/PHP_CodeSniffer/pull/1475

https://github.com/squizlabs/PHP_CodeSniffer/commit/7ce7bb942f5667724e81a3ea99e805a30be6c05b

https://github.com/FriendsOfPHP/security-advisories/commit/ce4fd65f6d6c658c70b35b24cfcbbd3f693fd497

Do you need more information?

CVSS v4

Base Score:

6.9

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW