3v4l.org

run code in 300+ PHP versions simultaneously
<?php $html = '<ul> <li><strong>Project:</strong> Joomla!</li> <li><strong>SubProject:</strong> CMS</li> <li><strong>Impact:</strong> <span class="label label-danger">High</span></li> <li><strong>Severity:</strong> <span class="label label-info">Low</span></li> <li><strong>Versions:</strong> 2.5.0 - 3.9.13</li> <li><strong>Exploit type:</strong> SQL injection</li> <li><strong>Reported Date:</strong> 2019-December-01</li> <li><strong>Fixed Date:</strong> 2019-December-17</li> <li><strong>CVE Number:</strong> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19846">CVE-2019-19846</a></li> </ul> <h3>Description</h3> <p>The lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors.</p> <h3>Affected Installs</h3> <p>Joomla! CMS versions 2.5.0 - 3.9.13</p> <h3>Solution</h3> <p>Upgrade to version 3.9.14</p> <h3>Contact</h3> <p>The JSST at the <a title="Contact the JSST" href="https://developer.joomla.org/security-centre.html">Joomla! Security Centre</a>.</p> <div class="alert alert-info"><strong>Reported By: </strong>ka1n4t</div><div class="feedflare"> <a href="https://feeds.joomla.org/~ff/JoomlaSecurityNews?a=GIZJHbqr1wQ:mKZamezlv3g:yIl2AUoC8zA"></a> </div>'; $doc = new DOMDocument(); $doc->loadHTML($html); $xpath = new DOMXPath($doc); $feed_items = $xpath->query('//div[contains(@class, "feed-item-description")]'); var_dump($feed_items);
Finding entry points
Branch analysis from position: 0
1 jumps found. (Code = 62) Position 1 = -2
filename:       /in/uoaSJ
function name:  (null)
number of ops:  19
compiled vars:  !0 = $html, !1 = $doc, !2 = $xpath, !3 = $feed_items
line      #* E I O op                           fetch          ext  return  operands
-------------------------------------------------------------------------------------
    3     0  E >   ASSIGN                                                   !0, '%3Cul%3E%0A%3Cli%3E%3Cstrong%3EProject%3A%3C%2Fstrong%3E+Joomla%21%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESubProject%3A%3C%2Fstrong%3E+CMS%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EImpact%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-danger%22%3EHigh%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ESeverity%3A%3C%2Fstrong%3E+%3Cspan+class%3D%22label+label-info%22%3ELow%3C%2Fspan%3E%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EVersions%3A%3C%2Fstrong%3E+2.5.0+-+3.9.13%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EExploit+type%3A%3C%2Fstrong%3E+SQL+injection%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EReported+Date%3A%3C%2Fstrong%3E+2019-December-01%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3EFixed+Date%3A%3C%2Fstrong%3E+2019-December-17%3C%2Fli%3E%0A%3Cli%3E%3Cstrong%3ECVE+Number%3A%3C%2Fstrong%3E+%3Ca+href%3D%22https%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2019-19846%22%3ECVE-2019-19846%3C%2Fa%3E%3C%2Fli%3E%0A%3C%2Ful%3E%0A%3Ch3%3EDescription%3C%2Fh3%3E%0A%3Cp%3EThe+lack+of+validation+of+configuration+parameters+used+in+SQL+queries+caused+various+SQL+injection+vectors.%3C%2Fp%3E%0A%3Ch3%3EAffected+Installs%3C%2Fh3%3E%0A%3Cp%3EJoomla%21+CMS+versions+2.5.0+-+3.9.13%3C%2Fp%3E%0A%3Ch3%3ESolution%3C%2Fh3%3E%0A%3Cp%3EUpgrade+to+version+3.9.14%3C%2Fp%3E%0A%3Ch3%3EContact%3C%2Fh3%3E%0A%3Cp%3EThe+JSST+at+the+%3Ca+title%3D%22Contact+the+JSST%22+href%3D%22https%3A%2F%2Fdeveloper.joomla.org%2Fsecurity-centre.html%22%3EJoomla%21+Security+Centre%3C%2Fa%3E.%3C%2Fp%3E%0A%3Cdiv+class%3D%22alert+alert-info%22%3E%3Cstrong%3EReported+By%3A+%3C%2Fstrong%3Eka1n4t%3C%2Fdiv%3E%3Cdiv+class%3D%22feedflare%22%3E%0A%3Ca+href%3D%22https%3A%2F%2Ffeeds.joomla.org%2F%7Eff%2FJoomlaSecurityNews%3Fa%3DGIZJHbqr1wQ%3AmKZamezlv3g%3AyIl2AUoC8zA%22%3E%3C%2Fa%3E%0A%3C%2Fdiv%3E'
   26     1        NEW                                              $5      'DOMDocument'
          2        DO_FCALL                                      0          
          3        ASSIGN                                                   !1, $5
   27     4        INIT_METHOD_CALL                                         !1, 'loadHTML'
          5        SEND_VAR_EX                                              !0
          6        DO_FCALL                                      0          
   28     7        NEW                                              $9      'DOMXPath'
          8        SEND_VAR_EX                                              !1
          9        DO_FCALL                                      0          
         10        ASSIGN                                                   !2, $9
   29    11        INIT_METHOD_CALL                                         !2, 'query'
         12        SEND_VAL_EX                                              '%2F%2Fdiv%5Bcontains%28%40class%2C+%22feed-item-description%22%29%5D'
         13        DO_FCALL                                      0  $12     
         14        ASSIGN                                                   !3, $12
   30    15        INIT_FCALL                                               'var_dump'
         16        SEND_VAR                                                 !3
         17        DO_ICALL                                                 
         18      > RETURN                                                   1

Generated using Vulcan Logic Dumper, using php 8.0.0

preferences:
181.16 ms | 1396 KiB | 15 Q