PHP Security Vulnerabilities

CVE-2018-19520

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to...

8.8CVSS

8.9AI Score

0.003EPSS

2018-11-25 08:29 PM
494

CVE-2018-19396

ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant...

7.5CVSS

7.3AI Score

0.001EPSS

2018-11-20 09:29 PM
896

CVE-2018-19395

ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL in com_properties_get in ext/com_dotnet/com_handlers.c, as demonstrated by a serialize call on...

7.5CVSS

7.2AI Score

0.001EPSS

2018-11-20 09:29 PM
1141

CVE-2018-19246

PHP-Proxy 5.1.0 allows remote attackers to read local files if the default "pre-installed version" (intended for users who lack shell access to their web server) is used. This occurs because the aeb067ca0aa9a3193dce3a7264c90187 app_key value from the default config.php is in place, and this value.....

7.5CVSS

7.2AI Score

0.867EPSS

2018-11-13 09:29 AM
42

CVE-2018-17082

The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in...

6.1CVSS

6AI Score

0.003EPSS

2018-09-16 03:29 PM
541
1

CVE-2018-15132

An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed...

7.5CVSS

7.3AI Score

0.004EPSS

2018-08-07 03:29 PM
358

CVE-2018-14884

An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi...

7.5CVSS

7.3AI Score

0.003EPSS

2018-08-03 01:29 PM
125

CVE-2018-14883

An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of...

7.5CVSS

7.5AI Score

0.005EPSS

2018-08-03 01:29 PM
374

CVE-2018-14851

exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG...

5.5CVSS

5.9AI Score

0.007EPSS

2018-08-02 07:29 PM
276

CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in...

9.8CVSS

9.8AI Score

0.009EPSS

2018-08-02 03:29 PM
908
In Wild
4

CVE-2017-9118

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace...

7.5CVSS

7.3AI Score

0.002EPSS

2018-08-02 03:29 PM
229

CVE-2016-9482

Code generated by PHP FormMail Generator may allow a remote unauthenticated user to bypass authentication to access the administrator panel by navigating directly to...

9.8CVSS

9.7AI Score

0.003EPSS

2018-07-13 08:29 PM
17

CVE-2016-9484

The generated PHP form code does not properly validate user input folder directories, allowing a remote unauthenticated attacker to perform a path traversal and access arbitrary files on the server. The PHP FormMail Generator website does not use version numbers and is updated continuously. Any...

7.5CVSS

8.8AI Score

0.002EPSS

2018-07-13 08:29 PM
20

CVE-2016-9492

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to unrestricted upload of dangerous file types. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP....

9.8CVSS

9.5AI Score

0.003EPSS

2018-07-13 08:29 PM
19

CVE-2016-9493

The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This list does not include all variations of PHP files, which...

6.1CVSS

6.6AI Score

0.001EPSS

2018-07-13 08:29 PM
20

CVE-2016-9483

The PHP form code generated by PHP FormMail Generator deserializes untrusted input as part of the phpfmg_filman_download() function. A remote unauthenticated attacker may be able to use this vulnerability to inject PHP code, or along with CVE-2016-9484 to perform local file inclusion attacks and...

9.8CVSS

8.1AI Score

0.002EPSS

2018-07-13 08:29 PM
22

CVE-2018-12882

exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closing. The vulnerable code is reachable through the PHP exif_read_data...

9.8CVSS

8.4AI Score

0.005EPSS

2018-06-26 03:29 AM
183

CVE-2018-10547

An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an...

6.1CVSS

7.2AI Score

0.62EPSS

2018-04-29 09:29 PM
418

CVE-2018-10548

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return...

7.5CVSS

6.2AI Score

0.921EPSS

2018-04-29 09:29 PM
339

CVE-2018-10549

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0'...

8.8CVSS

7.8AI Score

0.011EPSS

2018-04-29 09:29 PM
455

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain...

4.7CVSS

5.5AI Score

0.001EPSS

2018-04-29 09:29 PM
445

CVE-2018-10546

An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte...

7.5CVSS

6.8AI Score

0.025EPSS

2018-04-29 09:29 PM
275

CVE-2018-0535

Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows an attacker to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2018-03-22 01:29 PM
20

CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subsequently results in copying a large...

9.8CVSS

8AI Score

0.753EPSS

2018-03-01 07:29 PM
326

CVE-2015-9253

An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this....

6.5CVSS

7.7AI Score

0.006EPSS

2018-02-19 07:29 PM
811

CVE-2018-1000025

Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 to 3.8.0 contain an Incorrect Access Control vulnerability: src/Firebase/Auth/IdTokenVerifier.php does not verify the token signature, so a JWT with any email address and user ID could be forged from an actual token, or from....

8.1CVSS

8.1AI Score

0.002EPSS

2018-02-09 11:29 PM
28

CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar...

6.1CVSS

7.1AI Score

0.62EPSS

2018-01-16 09:29 AM
248

CVE-2017-17626

Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid...

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM
26

CVE-2017-17624

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1...

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM
28

CVE-2017-17594

DomainSale PHP Script 1.0 has SQL Injection via the domain.php id...

9.8CVSS

9.9AI Score

0.002EPSS

2017-12-13 09:29 AM
24

CVE-2017-16642

In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back of' directives could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c.....

7.5CVSS

8.2AI Score

0.009EPSS

2017-11-07 09:29 PM
351

CVE-2015-8375

Cross-site scripting (XSS) vulnerability in PHP-Fusion...

5.4CVSS

5.3AI Score

0.001EPSS

2017-09-25 09:29 PM
17

CVE-2015-6250

simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the...

5.3CVSS

5.5AI Score

0.003EPSS

2017-09-06 09:29 PM
16

CVE-2017-12868

The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in SimpleSAMLphp 1.14.13 and earlier, when used with PHP before 5.6, allows attackers to conduct session fixation attacks or possibly bypass authentication by leveraging missing character conversions before an XOR...

9.8CVSS

9.6AI Score

0.004EPSS

2017-09-01 01:29 PM
53

CVE-2015-3211

php-fpm allows local users to write to or create arbitrary files via a symlink...

5.5CVSS

5.4AI Score

0.0004EPSS

2017-08-25 06:29 PM
23

CVE-2017-12932

ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue can have an...

9.8CVSS

9.4AI Score

0.01EPSS

2017-08-18 03:29 AM
96

CVE-2017-12934

ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue can have an unspecified impact on the integrity of...

7.5CVSS

8.5AI Score

0.003EPSS

2017-08-18 03:29 AM
71

CVE-2017-12933

The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of...

9.8CVSS

9.4AI Score

0.011EPSS

2017-08-18 03:29 AM
214

CVE-2017-7890

The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of.....

6.5CVSS

6.8AI Score

0.298EPSS

2017-08-02 07:29 PM
229

CVE-2017-11362

In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International...

9.8CVSS

9.9AI Score

0.01EPSS

2017-07-17 01:18 PM
60

CVE-2017-11142

In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to...

7.5CVSS

8AI Score

0.032EPSS

2017-07-10 02:29 PM
194

CVE-2016-7817

Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified...

6.1CVSS

6AI Score

0.001EPSS

2017-06-09 04:29 PM
16

CVE-2016-4473

/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to...

9.8CVSS

7.9AI Score

0.032EPSS

2017-06-08 08:29 PM
74

CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An...

9.8CVSS

9.3AI Score

0.008EPSS

2017-05-24 03:29 PM
105
4

CVE-2017-9224

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in.....

9.8CVSS

9.4AI Score

0.004EPSS

2017-05-24 03:29 PM
102
4

CVE-2017-9226

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in...

9.8CVSS

9.6AI Score

0.005EPSS

2017-05-24 03:29 PM
108
4

CVE-2017-9227

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid...

9.8CVSS

9.3AI Score

0.003EPSS

2017-05-24 03:29 PM
107
4

CVE-2017-9229

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid...

7.5CVSS

8.5AI Score

0.003EPSS

2017-05-24 03:29 PM
86
2

CVE-2017-9119

The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumption and application crash) or possibly have unspecified other impact by triggering crafted operations on array data...

9.8CVSS

9.6AI Score

0.006EPSS

2017-05-21 07:29 PM
37

CVE-2017-8923

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's.....

9.8CVSS

9.8AI Score

0.005EPSS

2017-05-12 08:29 PM
586
4
Total number of security vulnerabilities: 1262