Flightphp Core
6 CVEs affecting Flightphp Core. Latest disclosed: 2026-05-13. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-42550 | High | 8.8 | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by con… |
| CVE-2026-42552 | High | 7.5 | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::_error() writes the full exception message, exception code… |
| CVE-2026-42551 | High | 7.5 | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUE… |
| CVE-2014-125127 | High | 7.5 | 2025-09-03 | The mikecao/flight PHP framework in versions prior to v1.2 is vulnerable to Denial of Service (DoS) attacks due to eager loading of request bodies in the Reque… |
| CVE-2026-42549 | Medium | 4.4 | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the us… |
| CVE-2026-42548 | | | 2026-05-13 | Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascr… |