BIT-PHP-MIN-2021-21703 PHP-FPM memory access in root process leading to privilege escalation

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

BIT-PHP-MIN-2021-21705 Incorrect URL validation in FILTER_VALIDATE_URL

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filtervar function with FILTERVALIDATEURL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and...

BIT-PHP-MIN-2021-21706 ZipArchive::extractTo may extract outside of destination dir

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS...

BIT-PHP-MIN-2021-21707 Special characters break path parsing in XML functions

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexmlloadfile, URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the...

BIT-PHP-MIN-2021-21708 UAF due to php_filter_float() failing

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in...

BIT-PHP-MIN-2022-31625 Freeing unallocated memory in php_pgsql_free_params()

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

BIT-PHP-MIN-2022-31627 Heap buffer overflow in finfo_buffer

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfobuffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption...

BIT-PHP-MIN-2022-31628 phar wrapper can occur dos when using quine gzip file

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop...

BIT-PHP-MIN-2023-3247 Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

In PHP versions 8.0. before 8.0.29, 8.1. before 8.1.20, 8.2. before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure ...

BIT-PHP-MIN-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

BIT-PHP-MIN-2024-2408 PHP is vulnerable to the Marvin Attack

The opensslprivatedecrypt function in PHP, when using PKCS1 padding OPENSSLPKCS1PADDING, which is the default, is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

BIT-PHP-MIN-2024-5458 Filter bypass in filter_var (FILTER_VALIDATE_URL)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, due to a code logic error, filtering functions such as filtervar when validating URLs FILTERVALIDATEURL for certain types of URLs the function will result in invalid user information username + password part of URLs being...

BIT-PHP-MIN-2024-8925 Erroneous parsing of multipart form data

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to...

BIT-PHP-MIN-2024-8929 Leak partial content of the heap through heap buffer over-read in mysqlnd

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, 8.3. before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server...

BIT-PHP-MIN-2024-9026 PHP-FPM logs from children may be altered

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catchworkersoutput = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log...

PT-2025-11344

Name of the Vulnerable Software and Affected Versions PHP versions 8.1. through 8.1.31 PHP versions 8.2. through 8.2.27 PHP versions 8.3. through 8.3.18 PHP versions 8.4. through 8.4.4 Description The issue is related to the use of the wrong content-type header to determine the charset when a...

PT-2025-27859

Name of the Vulnerable Software and Affected Versions PHP versions prior to 8.1.33 PHP versions prior to 8.2.29 PHP versions prior to 8.3.23 PHP versions prior to 8.4 php7.4 php8.2 Description The pgsql and pdo pgsql escaping functions do not verify if the underlying quoting functions return...

PT-2025-28036

Name of the Vulnerable Software and Affected Versions PHP versions prior to 8.1.33 PHP versions prior to 8.2.29 PHP versions prior to 8.3.23 PHP versions prior to 8.4.10 PHP 7.4 affected versions not specified PHP 8.2 affected versions not specified Description PHP versions 8.1. before 8.1.33, 8....

PT-2025-11346

Name of the Vulnerable Software and Affected Versions PHP versions 8.1. through 8.1.31 PHP versions 8.2. through 8.2.27 PHP versions 8.3. through 8.3.18 PHP versions 8.4. through 8.4.4 Description The issue is related to the insufficient validation of end-of-line characters in user-supplied...

PT-2025-11345

Name of the Vulnerable Software and Affected Versions: PHP versions up to 8.1.31 PHP versions up to 8.2.27 PHP versions up to 8.3.18 PHP versions up to 8.4.4 php7.4 Description: The issue concerns the Streams HTTP Wrapper in PHP. Recommendations: For PHP versions up to 8.1.31, update to a version...