Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2015-1352

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted...

7.8AI Score

0.189EPSS

2015-03-30 10:59 AM
64
6
cve
cve

CVE-2015-8867

The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via...

7.5CVSS

6.7AI Score

0.008EPSS

2016-05-22 01:59 AM
118
cve
cve

CVE-2015-6838

The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility of a NULL valuePop return value before proceeding with a free operation after the principal argument....

7.5CVSS

7.6AI Score

0.028EPSS

2016-05-16 10:59 AM
137
cve
cve

CVE-2014-3515

The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the array data type after unserialization, which allows remote attackers to execute arbitrary code via a crafted string that triggers use of a Hashtable destructor, related....

8AI Score

0.814EPSS

2014-07-09 11:07 AM
247
3
cve
cve

CVE-2016-4072

The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \0 characters by the phar_analyze_path function in...

9.8CVSS

7.8AI Score

0.067EPSS

2016-05-20 11:00 AM
152
4
cve
cve

CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during...

7.3CVSS

7.8AI Score

0.022EPSS

2016-01-19 05:59 AM
149
2
cve
cve

CVE-2015-4644

The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and...

7.5CVSS

8.1AI Score

0.189EPSS

2016-05-16 10:59 AM
98
cve
cve

CVE-2015-4642

The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system...

9.8CVSS

7.6AI Score

0.043EPSS

2016-05-16 10:59 AM
341
cve
cve

CVE-2015-4116

Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare...

9.8CVSS

9.6AI Score

0.039EPSS

2016-05-16 10:59 AM
88
cve
cve

CVE-2013-7327

The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return...

7.3AI Score

0.048EPSS

2014-02-18 11:55 AM
36
cve
cve

CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the.....

7.8CVSS

7.1AI Score

0.001EPSS

2021-10-25 06:15 AM
1302
4
cve
cve

CVE-2019-11049

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory...

9.8CVSS

9.2AI Score

0.003EPSS

2019-12-23 03:15 AM
632
2
cve
cve

CVE-2022-4455

A vulnerability, which was classified as problematic, was found in sproctor php-calendar. This affects an unknown part of the file index.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch...

6.1CVSS

6AI Score

0.001EPSS

2022-12-13 06:15 PM
28
cve
cve

CVE-2016-4542

The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not properly construct spprintf arguments, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted....

9.8CVSS

7.8AI Score

0.032EPSS

2016-05-22 01:59 AM
151
cve
cve

CVE-2019-11043

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code...

9.8CVSS

10AI Score

0.975EPSS

2019-10-28 03:15 PM
3712
In Wild
9
cve
cve

CVE-2016-4538

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibly....

9.8CVSS

7.7AI Score

0.036EPSS

2016-05-22 01:59 AM
175
cve
cve

CVE-2016-4537

The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative integer for the scale argument, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

9.8CVSS

7.8AI Score

0.036EPSS

2016-05-22 01:59 AM
154
cve
cve

CVE-2013-4248

The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL...

6.1AI Score

0.029EPSS

2013-08-18 02:52 AM
123
cve
cve

CVE-2012-4388

The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to...

6.3AI Score

0.013EPSS

2012-09-07 10:55 PM
37
cve
cve

CVE-2019-11050

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...

6.5CVSS

7.4AI Score

0.004EPSS

2019-12-23 03:15 AM
497
4
cve
cve

CVE-2019-11036

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or...

9.1CVSS

8.8AI Score

0.009EPSS

2019-05-03 08:29 PM
503
cve
cve

CVE-2021-32610

In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than...

7.1CVSS

7.4AI Score

0.924EPSS

2021-07-30 02:15 PM
233
In Wild
6
cve
cve

CVE-2019-11046

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying it with string containing characters that are identified as numeric by the OS but aren't ASCII...

5.3CVSS

6AI Score

0.004EPSS

2019-12-23 03:15 AM
383
3
cve
cve

CVE-2018-5711

gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or...

5.5CVSS

5.9AI Score

0.002EPSS

2018-01-16 09:29 AM
191
cve
cve

CVE-2016-4541

The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative...

9.8CVSS

7.7AI Score

0.032EPSS

2016-05-22 01:59 AM
142
cve
cve

CVE-2016-4540

The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative...

9.8CVSS

7.8AI Score

0.032EPSS

2016-05-22 01:59 AM
155
cve
cve

CVE-2016-4539

The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (buffer under-read and segmentation fault) or possibly have unspecified other impact via crafted XML data in the second argument,....

9.8CVSS

7.8AI Score

0.028EPSS

2016-05-22 01:59 AM
141
cve
cve

CVE-2014-3710

The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that sufficient note headers are present, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted ELF...

7.1AI Score

0.063EPSS

2014-11-05 11:55 AM
119
6
cve
cve

CVE-2013-6420

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service.....

7.1AI Score

0.95EPSS

2013-12-17 04:46 AM
173
cve
cve

CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to...

5.9CVSS

7.3AI Score

0.008EPSS

2019-12-23 03:15 AM
490
3
cve
cve

CVE-2020-7070

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker...

5.3CVSS

6.5AI Score

0.004EPSS

2020-10-02 03:15 PM
1050
6
cve
cve

CVE-2022-3973

A vulnerability classified as critical has been found in Pingkon HMS-PHP. Affected is an unknown function of the file /admin/admin.php of the component Data Pump Metadata. The manipulation of the argument uname/pass leads to sql injection. It is possible to launch the attack remotely. The exploit.....

9.8CVSS

9.8AI Score

0.002EPSS

2022-11-13 10:15 AM
32
18
cve
cve

CVE-2022-3972

A vulnerability was found in Pingkon HMS-PHP. It has been rated as critical. This issue affects some unknown processing of the file admin/adminlogin.php. The manipulation of the argument uname/pass leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the.....

9.8CVSS

9.7AI Score

0.002EPSS

2022-11-13 10:15 AM
49
22
cve
cve

CVE-2016-7405

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect...

9.8CVSS

9.5AI Score

0.006EPSS

2016-10-03 06:59 PM
33
4
cve
cve

CVE-2020-36193

Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to...

7.5CVSS

7.5AI Score

0.924EPSS

2021-01-18 08:15 PM
858
In Wild
32
cve
cve

CVE-2016-4543

The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header...

9.8CVSS

7.8AI Score

0.017EPSS

2016-05-22 01:59 AM
145
cve
cve

CVE-2020-28948

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not...

7.8CVSS

7.7AI Score

0.068EPSS

2020-11-19 07:15 PM
217
In Wild
30
cve
cve

CVE-2020-28949

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still...

7.8CVSS

7.7AI Score

0.961EPSS

2020-11-19 07:15 PM
763
In Wild
29
cve
cve

CVE-2020-7069

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption...

6.5CVSS

6.6AI Score

0.002EPSS

2020-10-02 03:15 PM
1421
5
cve
cve

CVE-2021-23227

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2...

8.8CVSS

8.9AI Score

0.001EPSS

2022-01-13 09:15 PM
21
cve
cve

CVE-2022-29221

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors....

8.8CVSS

8.4AI Score

0.003EPSS

2022-05-24 03:15 PM
124
8
cve
cve

CVE-2021-29454

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to...

8.8CVSS

8.6AI Score

0.003EPSS

2022-01-10 08:15 PM
76
7
cve
cve

CVE-2016-4544

The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate TIFF start data, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header.....

9.8CVSS

7.8AI Score

0.014EPSS

2016-05-22 01:59 AM
130
2
cve
cve

CVE-2015-1351

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown...

7.7AI Score

0.145EPSS

2015-03-30 10:59 AM
79
2
cve
cve

CVE-2019-6977

gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to...

8.8CVSS

8.6AI Score

0.723EPSS

2019-01-27 02:29 AM
791
cve
cve

CVE-2013-6712

The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval...

5.5AI Score

0.59EPSS

2013-11-28 04:37 AM
79
cve
cve

CVE-2021-21408

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a...

8.8CVSS

8.4AI Score

0.002EPSS

2022-01-10 08:15 PM
75
6
cve
cve

CVE-2018-11756

In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code...

9.8CVSS

9.4AI Score

0.003EPSS

2018-07-23 05:29 PM
21
cve
cve

CVE-2015-2331

Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly...

10AI Score

0.953EPSS

2015-03-30 10:59 AM
135
cve
cve

CVE-2019-13224

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a...

9.8CVSS

9.9AI Score

0.012EPSS

2019-07-10 02:15 PM
316
4
Total number of security vulnerabilities1262