Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2015-6836

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call...

7.3CVSS

8.5AI Score

0.022EPSS

2016-01-19 05:59 AM
163
cve
cve

CVE-2015-6835

The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session...

9.8CVSS

8.5AI Score

0.09EPSS

2016-05-16 10:59 AM
161
cve
cve

CVE-2015-6834

Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are...

9.8CVSS

8.7AI Score

0.201EPSS

2016-05-16 10:59 AM
175
cve
cve

CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo...

7.5CVSS

7.2AI Score

0.006EPSS

2016-01-19 05:59 AM
152
cve
cve

CVE-2011-0441

The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on a directory under...

6.2AI Score

0.0004EPSS

2011-03-29 06:55 PM
41
cve
cve

CVE-2014-8142

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys....

8AI Score

0.861EPSS

2014-12-20 11:59 AM
143
cve
cve

CVE-2014-3668

Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument....

7.3AI Score

0.119EPSS

2014-10-29 10:55 AM
112
cve
cve

CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can.....

8.8CVSS

9.3AI Score

0.008EPSS

2022-06-16 06:15 AM
718
6
cve
cve

CVE-2013-1643

The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and...

5.9AI Score

0.003EPSS

2013-03-06 01:10 PM
121
cve
cve

CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or...

8.1CVSS

8.3AI Score

0.004EPSS

2022-06-16 06:15 AM
779
10
cve
cve

CVE-2016-9137

Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that is mishandled during __wakeup...

9.8CVSS

9.2AI Score

0.021EPSS

2017-01-04 08:59 PM
97
cve
cve

CVE-2016-6296

Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other...

9.8CVSS

8AI Score

0.021EPSS

2016-07-25 02:59 PM
157
4
cve
cve

CVE-2016-6289

Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation...

7.8CVSS

8AI Score

0.008EPSS

2016-07-25 02:59 PM
148
cve
cve

CVE-2015-8838

ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to...

5.9CVSS

5.9AI Score

0.005EPSS

2016-05-16 10:59 AM
63
cve
cve

CVE-2014-3981

acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a symlink attack on the /tmp/phpglibccheck...

8.5AI Score

0.0005EPSS

2014-06-08 06:55 PM
88
cve
cve

CVE-2013-4113

ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted document that is processed by the xml_parse_into_struct...

6.6AI Score

0.614EPSS

2013-07-13 01:10 PM
189
2
cve
cve

CVE-2013-1635

ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an.....

5.8AI Score

0.018EPSS

2013-03-06 01:10 PM
167
cve
cve

CVE-2011-4718

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session...

7.2AI Score

0.006EPSS

2022-10-03 04:15 PM
127
cve
cve

CVE-2015-6527

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace...

7.3CVSS

7.5AI Score

0.009EPSS

2016-01-19 05:59 AM
32
2
cve
cve

CVE-2015-0232

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG...

8.2AI Score

0.88EPSS

2015-01-27 08:04 PM
130
cve
cve

CVE-2014-8626

Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC...

8.3AI Score

0.08EPSS

2014-11-23 02:59 AM
94
cve
cve

CVE-2017-11145

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/parse_date.c out-of-bounds reads affecting the...

7.5CVSS

8.1AI Score

0.009EPSS

2017-07-10 02:29 PM
152
cve
cve

CVE-2012-2336

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line...

9.4AI Score

0.973EPSS

2012-05-11 10:15 AM
689
cve
cve

CVE-2012-2311

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line...

9.9AI Score

0.973EPSS

2012-05-11 10:15 AM
180
cve
cve

CVE-2016-6295

ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage collection, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other...

9.8CVSS

8.2AI Score

0.063EPSS

2016-07-25 02:59 PM
152
4
cve
cve

CVE-2016-6294

The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly restrict calls to the ICU uloc_acceptLanguageFromHTTP function, which allows remote attackers to cause a denial of service (out-of-bounds read)....

9.8CVSS

7.8AI Score

0.018EPSS

2016-07-25 02:59 PM
141
4
cve
cve

CVE-2016-6291

The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds array access and memory corruption), obtain sensitive information from process memory, or possibly have.....

9.8CVSS

7.9AI Score

0.021EPSS

2016-07-25 02:59 PM
157
cve
cve

CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array...

7.3CVSS

7.6AI Score

0.015EPSS

2016-01-19 05:59 AM
143
cve
cve

CVE-2015-5589

The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified...

9.8CVSS

7.8AI Score

0.02EPSS

2016-05-16 10:59 AM
213
cve
cve

CVE-2015-5590

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by...

7.3CVSS

8.2AI Score

0.015EPSS

2016-01-19 05:59 AM
104
cve
cve

CVE-2005-3388

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array...

5.3AI Score

0.826EPSS

2005-11-01 12:47 PM
85
cve
cve

CVE-2013-7328

Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive information via an imagecrop function call with a negative value for the (1) x or (2) y dimension, a...

6.5AI Score

0.048EPSS

2014-02-18 11:55 AM
33
cve
cve

CVE-2012-0830

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for...

9AI Score

0.875EPSS

2012-02-06 08:55 PM
177
cve
cve

CVE-2006-1490

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to.....

6AI Score

0.247EPSS

2006-03-29 09:06 PM
34
cve
cve

CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite...

5.5CVSS

7.5AI Score

0.0005EPSS

2022-09-28 11:15 PM
491
12
cve
cve

CVE-2019-11044

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to...

7.5CVSS

8.4AI Score

0.002EPSS

2019-12-23 03:15 AM
329
2
cve
cve

CVE-2017-11147

In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due to a buffer over-read in the phar_parse_pharfile function in...

9.1CVSS

9.1AI Score

0.003EPSS

2017-07-10 02:29 PM
75
4
cve
cve

CVE-2016-4073

Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted mb_strcut...

9.8CVSS

8.2AI Score

0.063EPSS

2016-05-20 11:00 AM
158
4
cve
cve

CVE-2016-4071

Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via format string specifiers in an SNMP::get...

9.8CVSS

8AI Score

0.493EPSS

2016-05-20 11:00 AM
184
cve
cve

CVE-2015-8873

Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method...

7.5CVSS

6.6AI Score

0.009EPSS

2016-05-16 10:59 AM
84
5
cve
cve

CVE-2015-8865

The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, which allows context-dependent attackers to cause a denial of service (buffer overflow and application....

7.3CVSS

8.2AI Score

0.004EPSS

2016-05-20 10:59 AM
181
cve
cve

CVE-2016-3142

The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an...

8.2CVSS

7AI Score

0.114EPSS

2016-03-31 04:59 PM
110
cve
cve

CVE-2016-3141

Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data...

9.8CVSS

7.9AI Score

0.058EPSS

2016-03-31 04:59 PM
120
cve
cve

CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR...

7.9AI Score

0.048EPSS

2015-12-11 12:00 PM
114
cve
cve

CVE-2014-9425

Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown...

9.7AI Score

0.066EPSS

2014-12-31 02:59 AM
57
2
cve
cve

CVE-2016-8670

Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other...

9.8CVSS

8.2AI Score

0.039EPSS

2017-01-04 08:59 PM
48
4
cve
cve

CVE-2019-11047

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

6.5CVSS

7.4AI Score

0.009EPSS

2019-12-23 03:15 AM
544
3
cve
cve

CVE-2016-10712

In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where...

7.5CVSS

8.2AI Score

0.002EPSS

2018-02-09 06:29 AM
47
cve
cve

CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file...

7.7AI Score

0.066EPSS

2015-12-11 12:00 PM
109
cve
cve

CVE-2015-6837

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation during initial error...

7.5CVSS

7.6AI Score

0.028EPSS

2016-05-16 10:59 AM
129
Total number of security vulnerabilities1262