VYPR
Vendor

Mix PHP

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2026-42473CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object.

  • CVE-2026-42472CriMay 1, 2026
    risk 0.57cvss 9.8epss 0.00

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object.

  • CVE-2026-42471HigMay 1, 2026
    risk 0.49cvss 8.1epss 0.02

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-side RCE if connecting to a malicious server.

  • CVE-2026-37552HigMay 1, 2026
    risk 0.48cvss 8.4epss 0.00

    Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(), then executes the result via call_user_func(). No authentication or signature…

  • CVE-2026-42475MedMay 1, 2026
    risk 0.42cvss 6.5epss 0.00

    SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.

  • CVE-2026-42474MedMay 1, 2026
    risk 0.42cvss 6.5epss 0.00

    SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php.

  • CVE-2019-15422Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings…