Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2015-6835

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session...

9.8CVSS

8.5AI Score

0.09EPSS

2016-05-16 10:59 AM
162
cve
cve

CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are...

9.8CVSS

8.7AI Score

0.201EPSS

2016-05-16 10:59 AM
177
cve
cve

CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo...

7.5CVSS

7.2AI Score

0.006EPSS

2016-01-19 05:59 AM
154
cve
cve

CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys....

8AI Score

0.861EPSS

2014-12-20 11:59 AM
143
cve
cve

CVE-2014-3668

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument....

7.3AI Score

0.119EPSS

2014-10-29 10:55 AM
112
cve
cve

CVE-2013-1643

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

5.9AI Score

0.003EPSS

2013-03-06 01:10 PM
121
cve
cve

CVE-2015-6527

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace...

7.3CVSS

7.5AI Score

0.009EPSS

2016-01-19 05:59 AM
33
2
cve
cve

CVE-2015-0232

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG...

8.2AI Score

0.88EPSS

2015-01-27 08:04 PM
130
cve
cve

CVE-2014-8626

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC...

8.3AI Score

0.08EPSS

2014-11-23 02:59 AM
94
cve
cve

CVE-2012-2336

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line...

9.4AI Score

0.973EPSS

2012-05-11 10:15 AM
689
cve
cve

CVE-2012-2311

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line...

9.9AI Score

0.973EPSS

2012-05-11 10:15 AM
180
cve
cve

CVE-2005-3388

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array...

5.3AI Score

0.826EPSS

2005-11-01 12:47 PM
85
cve
cve

CVE-2017-11628

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted...

7.8CVSS

8.7AI Score

0.003EPSS

2017-07-25 11:29 PM
138
cve
cve

CVE-2017-11144

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of the PHP interpreter, related to an interpretation conflict for a negative number in...

7.5CVSS

8.4AI Score

0.016EPSS

2017-07-10 02:29 PM
123
cve
cve

CVE-2016-6290

ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors related to session...

9.8CVSS

7.9AI Score

0.024EPSS

2016-07-25 02:59 PM
162
4
cve
cve

CVE-2016-6288

The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via vectors involving the smart_str data...

9.8CVSS

7.7AI Score

0.032EPSS

2016-07-25 02:59 PM
118
cve
cve

CVE-2016-3185

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via...

7.1CVSS

7.9AI Score

0.007EPSS

2016-05-16 10:59 AM
68
2
cve
cve

CVE-2016-10397

In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.example.com:80#@good.example.com/ and evil.example.com:[email protected]/ inputs to the parse_url....

7.5CVSS

8.2AI Score

0.005EPSS

2017-07-10 02:29 PM
64
cve
cve

CVE-2015-0273

Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the...

8.1AI Score

0.955EPSS

2015-03-30 10:59 AM
165
In Wild
2
cve
cve

CVE-2014-9427

sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the mapping's length during processing of an invalid file that begins with a # character and lacks a newline character,...

7.3AI Score

0.11EPSS

2015-01-03 02:59 AM
693
cve
cve

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite...

5.5CVSS

7.5AI Score

0.0005EPSS

2022-09-28 11:15 PM
492
12
cve
cve

CVE-2014-3670

The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly...

8.5AI Score

0.269EPSS

2014-10-29 10:55 AM
104
cve
cve

CVE-2014-3669

Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize...

9.3AI Score

0.937EPSS

2014-10-29 10:55 AM
156
cve
cve

CVE-2013-7226

Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an imagecrop function call with a large x dimension value, leading to a heap-based buffer...

7.7AI Score

0.048EPSS

2014-02-18 11:55 AM
34
cve
cve

CVE-2011-0441

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under...

6.2AI Score

0.0004EPSS

2011-03-29 06:55 PM
41
cve
cve

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to...

7.5CVSS

8.4AI Score

0.002EPSS

2019-12-23 03:15 AM
329
2
cve
cve

CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the...

7.5CVSS

8.1AI Score

0.009EPSS

2017-07-10 02:29 PM
153
cve
cve

CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other...

9.8CVSS

8.2AI Score

0.063EPSS

2016-07-25 02:59 PM
152
4
cve
cve

CVE-2016-6294

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read)....

9.8CVSS

7.8AI Score

0.018EPSS

2016-07-25 02:59 PM
141
4
cve
cve

CVE-2016-6291

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have.....

9.8CVSS

7.9AI Score

0.021EPSS

2016-07-25 02:59 PM
157
cve
cve

CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array...

7.3CVSS

7.6AI Score

0.015EPSS

2016-01-19 05:59 AM
144
cve
cve

CVE-2015-5589

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified...

9.8CVSS

7.8AI Score

0.02EPSS

2016-05-16 10:59 AM
213
cve
cve

CVE-2015-5590

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by...

7.3CVSS

8.2AI Score

0.015EPSS

2016-01-19 05:59 AM
104
cve
cve

CVE-2013-7328

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a...

6.5AI Score

0.048EPSS

2014-02-18 11:55 AM
33
cve
cve

CVE-2012-0830

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for...

9AI Score

0.875EPSS

2012-02-06 08:55 PM
177
cve
cve

CVE-2006-1490

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to.....

6AI Score

0.247EPSS

2006-03-29 09:06 PM
34
cve
cve

CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other...

9.8CVSS

8.2AI Score

0.039EPSS

2017-01-04 08:59 PM
48
4
cve
cve

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where...

7.5CVSS

8.2AI Score

0.002EPSS

2018-02-09 06:29 AM
47
cve
cve

CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file...

7.7AI Score

0.066EPSS

2015-12-11 12:00 PM
111
cve
cve

CVE-2015-6837

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error...

7.5CVSS

7.6AI Score

0.028EPSS

2016-05-16 10:59 AM
130
cve
cve

CVE-2015-1352

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted...

7.8AI Score

0.189EPSS

2015-03-30 10:59 AM
64
6
cve
cve

CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an...

8.2CVSS

7AI Score

0.114EPSS

2016-03-31 04:59 PM
110
cve
cve

CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data...

9.8CVSS

7.9AI Score

0.058EPSS

2016-03-31 04:59 PM
120
cve
cve

CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR...

7.9AI Score

0.048EPSS

2015-12-11 12:00 PM
116
cve
cve

CVE-2014-9425

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown...

9.7AI Score

0.063EPSS

2014-12-31 02:59 AM
57
2
cve
cve

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

6.5CVSS

7.4AI Score

0.009EPSS

2019-12-23 03:15 AM
544
3
cve
cve

CVE-2016-4072

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in...

9.8CVSS

7.8AI Score

0.069EPSS

2016-05-20 11:00 AM
152
4
cve
cve

CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during...

7.3CVSS

7.8AI Score

0.022EPSS

2016-01-19 05:59 AM
150
2
cve
cve

CVE-2015-4644

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and...

7.5CVSS

8.1AI Score

0.189EPSS

2016-05-16 10:59 AM
98
cve
cve

CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system...

9.8CVSS

7.6AI Score

0.043EPSS

2016-05-16 10:59 AM
343
Total number of security vulnerabilities1262