30 matches found

Cvelist
added 2 days ago | 22 views

CVE-2026-10287 SourceCodester SEO Meta Tag Extractor index.php get_headers server-side request forgery

A vulnerability was determined in SourceCodester SEO Meta Tag Extractor 1.0. This vulnerability affects the function get_headers of the file /index.php. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 6
CVE
added 2 days ago | 10 views

CVE-2026-10287

The vulnerability affects SourceCodester SEO Meta Tag Extractor 1.0, specifically the get_headers function in /index.php. The issue arises from manipulating the url parameter, enabling server-side request forgery (SSRF) that can be initiated remotely. Exploit details have been publicly disclosed....

CVSS 7.5 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-28200

Malware in sbrugna...

CVSS 5.3 | AI score 6.6 | EPSS 0.02189
Exploits: 1 | References: 16
OSV
added 2025/01/14 7:23 p.m. | 14 views

BIT-PHP-MIN-2020-7066 get_headers() silently truncates after a null byte

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.6 | EPSS 0.02189
Exploits: 1 | References: 9
Tenable Nessus
added 2024/06/03 12:0 a.m. | 34 views

RHEL 8 : 7.2_php (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - php: Information disclosure in exif_read_data function CVE-2020-7064 - In PHP versions 7.2.x below 7.2.29,...

CVSS 6.5 | AI score 7.2 | EPSS 0.0233
Exploits: 2 | References: 2
OSV
added 2024/03/06 11:6 a.m. | 33 views

BIT-PHP-2020-7066 get_headers() silently truncates after a null byte

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.6 | EPSS 0.02189
Exploits: 1 | References: 9
F5 Networks
added 2023/02/21 6:52 p.m. | 108 views

K17457324: PHP vulnerability CVE-2020-7066

Security Advisory Description In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions...

CVSS 5.3 | AI score 7.1 | EPSS 0.02189
Exploits: 1
OpenVAS
added 2022/01/28 12:0 a.m. | 35 views

Mageia: Security Advisory (MGASA-2020-0148)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 6.2 | EPSS 0.04994
Exploits: 3 | References: 4
Veracode
added 2020/08/06 9:35 p.m. | 39 views

NULL Byte Injection

PHP7 is vulnerable to NULL byte injection. While using get_headers with user-supplied URL, if the URL contains null byte \0, the URL will be silently truncated. This causes certain software to make incorrect assumptions about the target of the get_headers and potentially send confidential informati...

CVSS 5.3 | AI score 1.9 | EPSS 0.02189
Exploits: 1 | References: 8 | Affected Software: 2
Tenable Nessus
added 2020/06/25 12:0 a.m. | 37 views

EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1700)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied...

CVSS 6.5 | AI score 7 | EPSS 0.0233
Exploits: 2 | References: 3
Tenable Nessus
added 2020/05/15 12:0 a.m. | 261 views

Amazon Linux AMI : php72 (ALAS-2020-1367)

The version of php72 installed on the remote host is prior to 7.2.30-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1367 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data...

CVSS 7.5 | AI score 7.1 | EPSS 0.08994
Exploits: 3 | References: 7
Tenable Nessus
added 2020/05/15 12:0 a.m. | 78 views

Amazon Linux AMI : php73 (ALAS-2020-1368)

The version of php73 installed on the remote host is prior to 7.3.17-1.25. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1368 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data...

CVSS 8.8 | AI score 7.3 | EPSS 0.08994
Exploits: 4 | References: 9
Amazon
added 2020/05/13 12:0 a.m. | 104 views

Medium: php72

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

CVSS 7.5 | AI score 6.7 | EPSS 0.08994
Exploits: 3
Amazon
added 2020/05/13 12:0 a.m. | 98 views

Medium: php73

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

CVSS 8.8 | AI score 7.4 | EPSS 0.08994
Exploits: 4
Tenable Nessus
added 2020/05/11 12:0 a.m. | 47 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:1199-1)

This update for php7 fixes the following issues : CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data bsc1168326. CVE-2020-7066: Fixed URL truncation get_headers if the URL contains zero \0 character bsc1168352. Note that Tenable Network Security has extracted the precedin...

CVSS 6.5 | AI score 6.8 | EPSS 0.0233
Exploits: 2 | References: 7
RedhatCVE
added 2020/04/03 1:1 p.m. | 35 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 2.4 | EPSS 0.02189
Exploits: 1 | References: 4
OSV
added 2020/04/01 4:15 a.m. | 23 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 4.3 | AI score 6.4
Exploits: 0 | References: 8
NVD
added 2020/04/01 4:15 a.m. | 24 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.7 | EPSS 0.02189
Exploits: 1 | References: 8
UbuntuCve
added 2020/04/01 4:15 a.m. | 36 views

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 5.3 | AI score 6.8 | EPSS 0.02189
Exploits: 1 | References: 4
Prion
added 2020/04/01 4:15 a.m. | 37 views

Code injection

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied URL, if the URL contains zero \0 character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the getheade...

CVSS 4.3 | AI score 6.1 | EPSS 0.02189
Exploits: 1 | References: 8 | Affected Software: 4