<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Command-Injection on HackingPassion.com : root@HackingPassion.com-[~]</title><link>https://hackingpassion.com/tags/command-injection/</link><description>Recent content in Command-Injection on HackingPassion.com : root@HackingPassion.com-[~]</description><generator>Hugo</generator><language>en</language><lastBuildDate>Wed, 15 Apr 2026 10:38:02 +0200</lastBuildDate><atom:link href="https://hackingpassion.com/tags/command-injection/index.xml" rel="self" type="application/rss+xml"/><item><title>PHP Composer Command Injection CVE-2026-40261</title><link>https://hackingpassion.com/php-composer-command-injection-cve-2026-40261/</link><pubDate>Wed, 15 Apr 2026 10:38:02 +0200</pubDate><guid>https://hackingpassion.com/php-composer-command-injection-cve-2026-40261/</guid><description>&lt;p>PHP Composer Has Two Flaws That Run Arbitrary Commands on Developer Machines
PHP Composer, the package manager that almost every PHP developer uses to build websites and applications, has two serious vulnerabilities that allow an attacker to run arbitrary commands on any machine running a vulnerable version. Neither one requires Perforce to be installed, configured, or even known about. Patches came out on April 14, 2026, and many environments will still be running vulnerable versions. 😏&lt;/p></description></item></channel></rss>