PHP Security Vulnerabilities


CVE-2018-19518

University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow...

7.5 CVSS

8.1 AI Score

0.969 EPSS

2018-11-25 10:29 AM

CVE-2019-13224

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a...

9.8 CVSS

9.9 AI Score

0.012 EPSS

2019-07-10 02:15 PM

CVE-2019-19246

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in...

7.5 CVSS

8.5 AI Score

0.005 EPSS

2019-11-25 05:15 PM

CVE-2015-8866

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote attackers to conduct XML External Entity (XXE) and XML Entity Expansion (XEE) attacks via a crafted...

9.6 CVSS

7 AI Score

0.079 EPSS

2016-05-22 01:59 AM

CVE-2019-11038

When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized...

5.3 CVSS

6 AI Score

0.004 EPSS

2019-06-19 12:15 AM

CVE-2015-4602

The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type...

9.8 CVSS

8.3 AI Score

0.097 EPSS

2016-05-16 10:59 AM

CVE-2015-3411

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri...

6.5 CVSS

7.8 AI Score

0.009 EPSS

2016-05-16 10:59 AM

CVE-2015-4600

The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1)...

9.8 CVSS

9.1 AI Score

0.066 EPSS

2016-05-16 10:59 AM

CVE-2015-4601

PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than...

9.8 CVSS

9.1 AI Score

0.067 EPSS

2016-05-16 10:59 AM

CVE-2015-3412

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an application that calls the stream_resolve_include_path function in ext/standard/streamsfuncs.c, as...

5.3 CVSS

7 AI Score

0.014 EPSS

2016-05-16 10:59 AM

CVE-2015-4605

The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, which allows remote attackers to cause a denial of service (application crash) or possibly execute...

7.5 CVSS

8.1 AI Score

0.087 EPSS

2016-05-16 10:59 AM

CVE-2015-4604

The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relationship, which allows remote attackers to cause a denial of service (application crash) or possibly...

7.5 CVSS

8.1 AI Score

0.087 EPSS

2016-05-16 10:59 AM

CVE-2020-29168

SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2023-02-17 03:15 PM

CVE-2015-4643

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because...

9.8 CVSS

8.9 AI Score

0.031 EPSS

2016-05-16 10:59 AM

CVE-2015-2348

The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with...

7.4 AI Score

0.008 EPSS

2015-03-30 10:59 AM

CVE-2015-2301

Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted renaming of a Phar archive to the name...

7.9 AI Score

0.016 EPSS

2015-03-30 10:59 AM

CVE-2015-3330

The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined...

8.1 AI Score

0.052 EPSS

2015-06-09 06:59 PM

CVE-2015-3329

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP...

8 AI Score

0.615 EPSS

2015-06-09 06:59 PM

CVE-2023-3823

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling...

8.6 CVSS

8.2 AI Score

0.001 EPSS

2023-08-11 06:15 AM

CVE-2023-3824

In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2023-08-11 06:15 AM

CVE-2022-40296

The application was vulnerable to Server-Side Request Forgery attacks, allowing the backend server to interact with unexpected endpoints, potentially including internal and local services, leading to attacks in other downstream...

9.8 CVSS

9 AI Score

0.002 EPSS

2022-10-31 09:15 PM

CVE-2022-40295

The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline...

4.9 CVSS

4.9 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40292

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40291

The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40287

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted...

9 CVSS

7.5 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40294

The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data...

8.8 CVSS

8.8 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40293

The application was vulnerable to a session fixation that could be used to hijack...

9.8 CVSS

9.2 AI Score

0.002 EPSS

2022-10-31 09:15 PM

CVE-2022-40288

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user...

9 CVSS

7.8 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40290

The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise...

6.1 CVSS

6 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2022-40289

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted...

9 CVSS

7.8 AI Score

0.001 EPSS

2022-10-31 09:15 PM

CVE-2023-42359

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in...

9.8 CVSS

9.8 AI Score

0.001 EPSS

2023-09-18 12:15 PM

CVE-2023-2453

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...

8.8 CVSS

8.6 AI Score

0.001 EPSS

2023-09-05 03:15 PM

CVE-2023-4480

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write...

5.5 CVSS

6.1 AI Score

0.001 EPSS

2023-09-05 03:15 PM

CVE-2021-3172

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling...

8.1 CVSS

7.7 AI Score

0.001 EPSS

2023-02-17 06:15 PM

CVE-2022-25866

The package czproject/git-php before 4.0.3 is vulnerable to Command Injection via git argument injection. When calling the isRemoteUrlReadable($url, array $refs = NULL) function, both the url and refs parameters are passed to the git ls-remote subcommand in a way that additional flags can be set...

9.8 CVSS

9.9 AI Score

0.001 EPSS

2022-04-25 05:15 PM

CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure...

4.3 CVSS

4.7 AI Score

0.0004 EPSS

2023-07-22 05:15 AM

CVE-2022-37344

Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at...

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-09-06 11:15 PM

CVE-2023-0662

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk...

7.5 CVSS

8.4 AI Score

0.001 EPSS

2023-02-16 07:15 AM

CVE-2023-0568

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, the core path resolution function allocates a buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value,...

8.1 CVSS

8.8 AI Score

0.002 EPSS

2023-02-16 07:15 AM

CVE-2010-4645

strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-dependent attackers to cause a denial of service (infinite loop) via a certain floating-point value in scientific notation, which is not properly handled in x87 FPU...

8.5 AI Score

0.021 EPSS

2011-01-11 03:00 AM

CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function...

9.8 CVSS

10 AI Score

0.025 EPSS

2022-10-21 06:15 AM

CVE-2023-23879

Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-04-23 12:15 PM

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2019-08-07 03:15 PM

CVE-2023-26267

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD |...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2023-02-21 09:15 AM

CVE-2019-11042

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to...

7.1 CVSS

6.8 AI Score

0.002 EPSS

2019-08-09 08:15 PM

CVE-2019-11041

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data that will cause it to read past the allocated buffer. This may lead to...

7.1 CVSS

6.8 AI Score

0.002 EPSS

2019-08-09 08:15 PM

CVE-2015-8394

PCRE before 8.38 mishandles the (?() and (?(R) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8 CVSS

9.5 AI Score

0.038 EPSS

2015-12-02 01:59 AM

CVE-2015-8389

PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8 CVSS

9.5 AI Score

0.028 EPSS

2015-12-02 01:59 AM

CVE-2015-8390

PCRE before 8.38 mishandles the [: and \ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8 CVSS

9.5 AI Score

0.028 EPSS

2015-12-02 01:59 AM

CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by...

9.8 CVSS

7.6 AI Score

0.05 EPSS

2015-12-02 01:59 AM
Total number of security vulnerabilities: 1262