GCVE - cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:apereo:phpcas:0.4.1:*:*:*:*:*:*:*

part: a version: 0.4.1 update: *

Vendor	Apereo (`497abf49-80d7-5c5f-927e-22e0814c4740`)
Product	Phpcas (`8f0cb0b6-8c9e-5263-b669-ef6618167b7f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:bitbucket/ugaportal/phpcas`	purl2cpe	2026-06-01 10:13:17.548118
`pkg:github/apereo/phpcas`	purl2cpe	2026-06-01 10:13:17.548120

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-3692`	vulnerable	2026-06-08 04:55:16.334521	Details available Directory traversal vulnerability in the callback function in client.php in phpCAS before 1.1.3, when proxy mode is enabled, allows remote attackers to create or overwrite arbitrary files via directory traversal sequences in a Proxy Granting Ticket IOU (PGTiou) parameter. Published: 2010-10-07T20:21:00.000Z Updated: 2024-08-07T03:18:52.594Z Open on db.gcve.eu Reference links http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://www.debian.org/security/2011/dsa-2172 https://issues.jasig.org/browse/PHPCAS-80 http://www.vupen.com/english/advisories/2011/0456 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3691`	vulnerable	2026-06-08 04:55:16.333438	Details available PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is enabled, allows local users to overwrite arbitrary files via a symlink attack on an unspecified file. Published: 2010-10-07T20:21:00.000Z Updated: 2024-08-07T03:18:53.089Z Open on db.gcve.eu Reference links http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://www.debian.org/security/2011/dsa-2172 https://issues.jasig.org/browse/PHPCAS-80 http://www.vupen.com/english/advisories/2011/0456 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-3690`	vulnerable	2026-06-08 04:55:16.319713	Details available Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls. Published: 2010-10-07T20:21:00.000Z Updated: 2024-08-07T03:18:52.782Z Open on db.gcve.eu Reference links http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82 http://www.debian.org/security/2011/dsa-2172 https://issues.jasig.org/browse/PHPCAS-80 http://www.vupen.com/english/advisories/2011/0456 http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049600.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.