According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities:

The phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (CVE-2022-31628)
The vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim’s browser which is treated as a __Host- or __Secure- cookie by PHP applications. (CVE-2022-31629)

Note that the scanner has not tested for these issues but has instead relied only on the application’s self-reported version number.

No source data

VendorProductVersionCPE
phpphp*cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php	php	*	cpe:2.3:a:php:php::::::::

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31628

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31629

www.php.net/ChangeLog-8.php#8.1.11

nessus 48

mageia 2

altlinux 3

suse 2

fedora 6

slackware 2

osv 14

debian 2

gentoo 1

ubuntu 2

redhat 4

almalinux 4

cnvd 1

prion 2

oraclelinux 4

rocky 2

veracode 2

redhatcve 3

debiancve 2

ubuntucve 3

cve 2

alpinelinux 2

cbl_mariner 2

ibm 1

githubexploit 1

checkpoint_advisories 1

freebsd 1

hp 1

oracle 1

nessus

Fedora 36 : php (2022-0b77fbd9e7)

2022-12-23 00:00:00

Fedora 35 : php (2022-afdea1c747)

2022-12-21 00:00:00

openSUSE 15 Security Update : php7 (SUSE-SU-2022:3830-1)

2023-01-20 00:00:00

mageia

Updated php packages fix security vulnerability

2022-10-08 23:22:22

Updated php packages fix security vulnerabilities

2024-04-13 19:56:38

altlinux

Security fix for the ALT Linux 10 package php8.1 version 8.1.11-alt1

2022-10-11 00:00:00

Security fix for the ALT Linux 10 package php8.2 version 8.1.11-alt1

2022-09-30 00:00:00

Security fix for the ALT Linux 10 package php8.0 version 8.0.24-alt1

2022-10-13 00:00:00

suse

Security update for php7 (moderate)

2022-11-01 00:00:00

Security update for php8 (important)

2022-10-19 00:00:00

fedora

[SECURITY] Fedora 36 Update: php-8.1.11-1.fc36

2022-10-06 15:15:28

[SECURITY] Fedora 35 Update: php-8.0.24-1.fc35

2022-10-07 13:13:29

[SECURITY] Fedora 37 Update: php-8.1.12-1.fc37

2022-11-10 22:53:48

slackware

[slackware-security] php

2022-09-30 18:00:43

[slackware-security] php

2024-04-12 19:36:41

osv

php7.4 - security update

2022-11-13 00:00:00

php7.2, php7.4, php8.1 vulnerabilities

2022-11-08 14:42:27

Moderate: php:8.0 security update

2023-02-21 00:00:00

debian

[SECURITY] [DSA 5277-1] php7.4 security update

2022-11-13 18:52:43

[SECURITY] [DLA 3243-1] php7.3 security update

2022-12-15 18:33:17

gentoo

PHP: Multiple Vulnerabilities

2022-11-19 00:00:00

ubuntu

PHP vulnerabilities

2022-11-08 00:00:00

PHP vulnerabilities

2023-03-02 00:00:00

redhat

(RHSA-2023:2903) Moderate: php:7.4 security update

2023-05-16 05:57:44

(RHSA-2023:0965) Moderate: php security update

2023-02-28 07:53:30

(RHSA-2023:2417) Moderate: php:8.1 security update

2023-05-09 05:10:10

almalinux

Moderate: php:7.4 security update

2023-05-16 00:00:00

Moderate: php security update

2023-02-28 00:00:00

Moderate: php:8.0 security update

2023-02-21 00:00:00

cnvd

PHP Denial of Service Vulnerability

2022-09-30 00:00:00

prion

Code injection

2022-09-28 23:15:00

Code injection

2022-09-28 23:15:00

oraclelinux

php:8.0 security update

2023-02-22 00:00:00

8.1 security update

2023-05-15 00:00:00

php security update

2023-02-28 00:00:00

rocky

php security update

2023-04-06 15:53:36

php:8.0 security update

2023-02-22 01:08:53

veracode

Denial Of Service (DoS)

2022-09-30 11:08:30

Insecure Cookie

2022-09-30 11:10:30

redhatcve

CVE-2022-31628

2022-10-13 14:29:46

CVE-2022-31629

2022-10-13 14:29:56

CVE-2024-2756

2024-04-15 08:56:16

debiancve

CVE-2022-31628

2022-09-28 23:15:00

CVE-2022-31629

2022-09-28 23:15:10

ubuntucve

CVE-2022-31628

2022-09-28 00:00:00

CVE-2022-31629

2022-09-28 00:00:00

CVE-2024-2756

2024-04-16 00:00:00

cve

CVE-2022-31628

2022-09-28 23:15:00

CVE-2022-31629

2022-09-28 23:15:10

alpinelinux

CVE-2022-31628

2022-09-28 23:15:00

CVE-2022-31629

2022-09-28 23:15:10

cbl_mariner

CVE-2022-31628 affecting package php 7.4.14-3

2024-04-20 03:10:30

CVE-2022-31629 affecting package php 7.4.14-3

2024-04-20 03:10:30

ibm

Security Bulletin: Vulnerabilities in PHP may affect IBM Spectrum Sentinel Anomaly Scan Engine (CVE-2021-21703, CVE-2021-21708, CVE-2021-21707, CVE-2022-31629, CVE-2022-31628)

2022-12-16 17:01:05

githubexploit

Exploit for Vulnerability in Php

2022-10-07 08:15:23

checkpoint_advisories

PHP Authentication Bypass (CVE-2022-31629)

2022-11-24 00:00:00

freebsd

php -- Multiple vulnerabilities

2024-04-11 00:00:00

HP Device Manager Security Updates

2023-04-13 00:00:00

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for WEB_APPLICATION_SCANNING_113388