CVE-2023-35840

joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector...

BlueCMS SQL注入漏洞

BlueCMS is a content management system CMS based on PHP and MySQL. A security vulnerability exists in BlueCMS v1.6, which can be exploited for SQL injection via the keywords parameter in search.php...

OESA-2023-1273 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

WordPress Plugin PHP Execution 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

The vulnerability in the PHP programming language component main/streams/xp_socket.c allows a attacker to gain access to confidential data.

The vulnerability in the main/streams/xpsocket.c component of the PHP programming language is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain access to confidential data remotely...

Pluck CMS 代码问题漏洞

Pluck is a content management system CMS developed using the PHP language. A security vulnerability exists in Pluck CMS that stems from a lack of validation of file extensions...

php: PDO:: quote() may return unquoted string due to an integer overflow

A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDOSQLite returning an improperly quoted string. With the implementation of sqlite3snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplie...

CVE-2022-48149

Online Student Admission System in PHP Free Source Code 1.0 was discovered to contain a SQL injection vulnerability via the username parameter...

php: potential buffer overflow in php_cli_server_startup_workers

A vulnerability was found in PHP where setting the environment variable PHPCLISERVERWORKERS to a large value leads to a heap buffer overflow...

php: OOB read due to insufficient input validation in imageloadfont()

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...

php: standard insecure cookie could be treated as a '__Host-' or '__Secure-' cookie by PHP applications

A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser,...

PHP 安全漏洞

PHP is a scripting language for PHP that is executed server-side. A security vulnerability in PHP versions 8.0.X prior to 8.0.28, 8.1.X prior to 8.1.16, and 8.2.X prior to 8.2.3 stems from a byte after an allocated buffer being overwritten by a NULL value, which could lead to unauthorized data...

SUSE CVE-2005-0524

The phphandleiff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service infinite loop via a -8 size value...

SUSE CVE-2005-3353

The exifreaddata function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service infinite loop via a malformed JPEG image...

SUSE CVE-2006-4482

Multiple heap-based buffer overflows in the 1 strrepeat and 2 wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990...

SUSE CVE-2006-5465

Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the 1 htmlentities or 2 htmlspecialchars functions...

SUSE CVE-2007-0448

The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safemode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI...

SUSE CVE-2007-0911

Off-by-one error in the strireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service crash...

SUSE CVE-2007-1396

The importrequestvariables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the 1 GET, 2 POST, 3 COOKIE, 4 FILES, 5 SERVER, 6 SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address a...

SUSE CVE-2007-1825

Buffer overflow in the imapmailcompose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3...