3 matches found
PHP 8.0.x < 8.0.12 Privilege Escalation
According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x prior to 7.3.32, 7.4.x prior to 7.4.25 or 8.0.x prior to 8.0.12. It is, therefore, affected by a privilege escalation vulnerability. The root FPM process can be forced to read/write at...
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...
CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute, execute, fetch and others by returning invalid response data that is not...