5 matches found
EUVD-2020-28200
Malware in sbrugna...
BIT-PHP-MIN-2020-7066 get_headers() silently truncates after a null byte
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
K17457324: PHP vulnerability CVE-2020-7066
Security Advisory Description In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions...
CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using getheaders with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...
PHP 7.2.x < 7.2.29 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is 7.2.x prior to 7.2.29. It is, therefore, affected by multiple vulnerabilities: - A NULL pointer de-reference flaw exists in PHP's Exif component due to its implementation attempting to use uninitialized bytes. An...