PT-2025-11313 · Php +7 · Php +7

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Description: A severe issue was disclosed for PHP. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...

PT-2023-5956 · Php +11 · Php +11

Name of the Vulnerable Software and Affected Versions: PHP versions 8.0. through 8.0.29 PHP versions 8.1. through 8.1.21 PHP versions 8.2. through 8.2.7 Description: The issue is related to the way PHP's XML functions rely on libxml global state to track configuration variables. This state can be...

PHP 5.4/5.5/5.6 - SplDoublyLinkedList 'Unserialize()' Use-After-Free

Yet Another Use After Free Vulnerability in unserialize with SplDoublyLinkedList Taoguang Chen - Write Date: 2015.8.27 Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with SplDoublyLinkedList object's deserialization and crafted object's wakeup magic method tha...

Serious Remote PHP Bug Accidentally Disclosed

A serious remote-code execution vulnerability in PHP was accidentally disclosed Wednesday, leading to fears of an outbreak of attacks on sites that were built using vulnerable versions of PHP. The bug has been known privately since January when a team of researchers used it in a capture the flag...

PHP "addcslashes()" Information Disclosure Vulnerability

No description provided by source. Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to the implementation of "addcslashes" function not being properly protected against...