710 matches found
PHP Uninitialized Read Vulnerability (CNVD-2019-24792)
PHP is a general-purpose open source scripting language. The syntax absorbs the characteristics of the C language, Java and Perl; it is easy to learn and widely used, mainly in the field of Web development. An uninitialized read vulnerability exists in exif_process_IFD_in_MAKERNOTE in the EXIF component ...
PHP has an unspecified vulnerability (CNVD-2019-42540)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
PHP has an unspecified vulnerability (CNVD-2019-42541)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
PHP has an unspecified vulnerability (CNVD-2019-42546)
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose computer scripting language jointly maintained by the PHP Group and the open source community. The language is mainly used for Web development and supports a variety of databases and operating systems. A...
iWebShop open source mall system has XSS vulnerability
The iWebShop open source mall system is a B2B2C single-user and multi-user open source mall system developed in PHP with a MySQL database. The system is divided into front-end, back-office and merchant sections. The iWebShop open source mall system has an XSS vulnerability that can be...
Foreground SQL injection vulnerability in zzzcms V1.5.7 PHP official version
zzcms is a free and open source site-building system, aimed mainly at webmasters. The foreground of the zzzcms V1.5.7 PHP official version has a SQL injection vulnerability; attackers can use the vulnerability to obtain sensitive information...
Command Execution Vulnerability in YIXUNCMS Backend
YIXUNCMS is a showcase website system developed by Yixun Software Studio for small and medium-sized enterprises, using PHP language and with a stable MYSQL database. YIXUNCMS backend has a command execution vulnerability that can be exploited by attackers to insert Trojan horse files to gain...
PHP Apache2 Component Cross-Site Scripting Vulnerability
PHP is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language is primarily used for web development and supports a variety of databases and operating systems. Apache2 is one of the HTTP server components. A cross-site...
CVE-2012-10056

creationtimestamp| type| source
---|---|---
2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/phpvolunteeruploadexec.rb
2025-10-23 21:12:56+00:00| seen| MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

php: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted field metadata...
oniguruma: Invalid pointer dereference in left_adjust_char_head()
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer...
php: Incorrect return value check of OpenSSL sealing function leads to crash
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...
php: Invalid read when wddx decodes empty boolean element
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or possibly have unspecified other impact via an empty boolean element in a wddxPacket XML document...
php: Stack-based buffer over-read in msgfmt_parse_message function
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International...
UBUNTU-CVE-2018-10549
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character...
CVE-2018-8972
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...
UBUNTU-CVE-2016-10712
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...
VulnCheck KEV: CVE-2012-2336
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing...
File Inclusion Vulnerability in iWebShop Open Source Mall System
iWebShop is an open source web e-commerce site-building system for B2B2C platforms (self-operated plus third-party merchants), developed in PHP with a MySQL database and designed around the MVC architecture, following the design ideas of the Yii framework. iWebShop open source mall syste...
SQL Injection Vulnerability in check_need_status, check_pay_sum Methods of WK+shop General Mall System
WK+shop is a mall system based on PHP+MySQL, developed using the ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. The check_need_status and check_pay_sum methods of the WK+shop general mall system have a SQL injection vulnerability; attackers can construct a specif...