Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2009-4017

PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-data POST request, which allows remote attackers to cause a denial of service (resource exhaustion), and makes it easier for remote attackers to exploit local file...

9AI Score

0.054EPSS

2009-11-24 12:30 AM
57
cve
cve

CVE-2006-6934

Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum...

6AI Score

0.024EPSS

2007-01-16 11:28 PM
24
cve
cve

CVE-2005-2074

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to...

5.8AI Score

0.002EPSS

2005-06-29 04:00 AM
55
cve
cve

CVE-2005-0832

Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown...

5.9AI Score

0.002EPSS

2005-05-02 04:00 AM
19
cve
cve

CVE-2006-6935

SQL injection vulnerability in the login component in Portix-PHP 0.4.2 allows remote attackers to execute arbitrary SQL commands via the username and passwd (password)...

8.8AI Score

0.006EPSS

2007-01-16 11:28 PM
18
cve
cve

CVE-2008-1315

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to...

8.4AI Score

0.001EPSS

2008-03-13 02:44 PM
25
cve
cve

CVE-2005-2075

PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0.....

6.3AI Score

0.017EPSS

2005-06-29 04:00 AM
27
cve
cve

CVE-2005-3159

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and...

8.3AI Score

0.003EPSS

2005-10-06 10:02 AM
26
cve
cve

CVE-2002-0985

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing...

6.8AI Score

0.015EPSS

2004-09-01 04:00 AM
41
cve
cve

CVE-2002-1820

register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin with a lower case...

9.8CVSS

7.1AI Score

0.007EPSS

2022-10-03 04:23 PM
21
cve
cve

CVE-2006-3205

Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to gain access via modified user_env, pass_env, power_env, and id_env parameters in a cookie, which comprise a persistent logon that does not vary across...

7.3AI Score

0.006EPSS

2006-06-24 01:06 AM
25
cve
cve

CVE-2006-7133

Directory traversal vulnerability in upload/bin/download.php in Upload Tool for PHP 1.0 allows remote attackers to read arbitrary files via (1) ".." sequences or (2) absolute pathnames in the filename...

7.2AI Score

0.017EPSS

2007-03-06 01:19 AM
22
cve
cve

CVE-2006-3204

Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically weak block cipher with a large key collision space, which allows remote attackers to determine a suitable decryption key given the plaintext and ciphertext by obtaining the plaintext password, which is sent when logging in, and...

7.1AI Score

0.005EPSS

2006-06-24 01:06 AM
25
cve
cve

CVE-2006-3208

Direct static code injection vulnerability in Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote authenticated administrators to execute arbitrary PHP code via multiple unspecified "configuration fields" in (1) admin_chatconfig.php, (2) admin_configcss.php, (3) admin_config.php, or (4)...

7.8AI Score

0.004EPSS

2006-06-24 01:06 AM
20
cve
cve

CVE-2008-1298

SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to...

8.4AI Score

0.002EPSS

2008-03-12 05:44 PM
25
cve
cve

CVE-2006-3203

The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain...

7.4AI Score

0.008EPSS

2006-06-24 01:06 AM
25
cve
cve

CVE-2008-2108

The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, when running on 64-bit systems, performs a multiplication that generates a portion of zero bits during conversion due to insufficient precision, which produces 24 bits of entropy and simplifies brute force attacks against...

9.8CVSS

9.4AI Score

0.004EPSS

2008-05-07 09:20 PM
59
cve
cve

CVE-2004-0594

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a...

7.4AI Score

0.613EPSS

2004-07-27 04:00 AM
49
cve
cve

CVE-2005-1921

Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8)...

7.6AI Score

0.956EPSS

2005-07-05 04:00 AM
134
cve
cve

CVE-2018-14869

PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a...

5.4CVSS

5.2AI Score

0.001EPSS

2018-08-06 09:29 PM
38
cve
cve

CVE-2024-25219

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter...

6.1CVSS

5.8AI Score

0.0005EPSS

2024-02-14 03:15 PM
38
cve
cve

CVE-2024-25221

A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at...

6.1CVSS

5.8AI Score

0.0005EPSS

2024-02-14 03:15 PM
13
cve
cve

CVE-2024-25222

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at...

9.8CVSS

9.7AI Score

0.001EPSS

2024-02-14 03:15 PM
42
cve
cve

CVE-2024-25220

Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at...

9.8CVSS

9.7AI Score

0.001EPSS

2024-02-14 03:15 PM
41
cve
cve

CVE-2022-28102

A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at...

5.4CVSS

5.4AI Score

0.001EPSS

2022-04-28 02:15 PM
61
cve
cve

CVE-2010-1866

The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to cause a denial of service (crash) and possibly trigger memory corruption via a negative chunk size, which bypasses a signed comparison, related to an integer overflow...

9.8CVSS

9.4AI Score

0.027EPSS

2010-05-07 11:00 PM
34
cve
cve

CVE-2023-6165

The Restrict Usernames Emails Characters WordPress plugin before 3.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is...

4.8CVSS

5AI Score

0.0004EPSS

2024-01-29 03:15 PM
9
cve
cve

CVE-2015-0235

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka...

7.7AI Score

0.975EPSS

2015-01-28 07:59 PM
384
In Wild
6
cve
cve

CVE-2023-28447

Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to unauthorized access to sensitive user data,...

7.1CVSS

6.6AI Score

0.001EPSS

2023-03-28 09:15 PM
40
cve
cve

CVE-2008-0599

The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted...

9.8CVSS

9.6AI Score

0.245EPSS

2008-05-05 05:20 PM
134
In Wild
cve
cve

CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction...

7.5CVSS

7.3AI Score

0.101EPSS

2007-03-06 08:19 PM
41
cve
cve

CVE-2022-4900

A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer...

6.2CVSS

5.5AI Score

0.001EPSS

2023-11-02 04:15 PM
50
cve
cve

CVE-2023-5199

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to include local file and potentially execute code....

9.9CVSS

9.4AI Score

0.001EPSS

2023-10-30 02:15 PM
58
cve
cve

CVE-2019-11048

In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning....

5.3CVSS

5.5AI Score

0.012EPSS

2020-05-20 08:15 AM
770
2
cve
cve

CVE-2023-0567

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as...

7.7CVSS

7.7AI Score

0.001EPSS

2023-03-01 08:15 AM
228
cve
cve

CVE-2019-11037

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled....

9.8CVSS

9.2AI Score

0.048EPSS

2019-05-03 08:29 PM
249
cve
cve

CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted...

7.8CVSS

8.7AI Score

0.003EPSS

2017-07-25 11:29 PM
138
cve
cve

CVE-2017-11144

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...

7.5CVSS

8.4AI Score

0.016EPSS

2017-07-10 02:29 PM
122
cve
cve

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session...

9.8CVSS

7.9AI Score

0.024EPSS

2016-07-25 02:59 PM
162
4
cve
cve

CVE-2016-6288

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data...

9.8CVSS

7.7AI Score

0.032EPSS

2016-07-25 02:59 PM
118
cve
cve

CVE-2016-3185

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via...

7.1CVSS

7.9AI Score

0.007EPSS

2016-05-16 10:59 AM
68
2
cve
cve

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url....

7.5CVSS

8.2AI Score

0.005EPSS

2017-07-10 02:29 PM
64
cve
cve

CVE-2015-0273

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the...

8.1AI Score

0.955EPSS

2015-03-30 10:59 AM
165
In Wild
2
cve
cve

CVE-2014-9427

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character,...

7.3AI Score

0.11EPSS

2015-01-03 02:59 AM
691
cve
cve

CVE-2014-3669

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize...

9.3AI Score

0.937EPSS

2014-10-29 10:55 AM
154
cve
cve

CVE-2014-3670

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

8.5AI Score

0.269EPSS

2014-10-29 10:55 AM
104
cve
cve

CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

7.7AI Score

0.048EPSS

2014-02-18 11:55 AM
34
cve
cve

CVE-2011-0441

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under...

6.2AI Score

0.0004EPSS

2011-03-29 06:55 PM
41
cve
cve

CVE-2017-11143

In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an invalid free for an empty boolean element in...

7.5CVSS

8.5AI Score

0.012EPSS

2017-07-10 02:29 PM
108
cve
cve

CVE-2016-6297

Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted zip://...

8.8CVSS

8AI Score

0.016EPSS

2016-07-25 02:59 PM
122
4
Total number of security vulnerabilities1262