Lucene search

K

PHP Security Vulnerabilities

cve
cve

CVE-2020-12718

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as...

5.4CVSS

5.8AI Score

0.001EPSS

2020-05-08 12:15 AM
72
cve
cve

CVE-2020-12706

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or...

5.4CVSS

5.9AI Score

0.005EPSS

2020-05-07 08:15 PM
69
cve
cve

CVE-2020-12708

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap...

6.1CVSS

6.5AI Score

0.002EPSS

2020-05-07 08:15 PM
48
cve
cve

CVE-2020-12461

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the.....

8.8CVSS

9AI Score

0.004EPSS

2020-04-29 05:15 PM
21
cve
cve

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT...

5.4CVSS

5.5AI Score

0.001EPSS

2020-04-28 09:15 PM
37
cve
cve

CVE-2020-7067

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array...

7.5CVSS

7.4AI Score

0.012EPSS

2020-04-27 09:15 PM
421
In Wild
7
cve
cve

CVE-2020-7066

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the...

5.3CVSS

6.2AI Score

0.006EPSS

2020-04-01 04:15 AM
569
9
cve
cve

CVE-2020-7064

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or...

6.5CVSS

6.5AI Score

0.004EPSS

2020-04-01 04:15 AM
571
In Wild
5
cve
cve

CVE-2020-7065

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code...

8.8CVSS

8.6AI Score

0.005EPSS

2020-04-01 04:15 AM
747
In Wild
cve
cve

CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive...

5.5CVSS

7AI Score

0.006EPSS

2020-02-27 09:15 PM
446
8
cve
cve

CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that...

7.5CVSS

8.2AI Score

0.007EPSS

2020-02-27 09:15 PM
441
2
cve
cve

CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or...

9.1CVSS

8.6AI Score

0.004EPSS

2020-02-27 09:15 PM
389
5
cve
cve

CVE-2014-3622

Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party filter extension that accesses a certain ksep...

9.8CVSS

9.6AI Score

0.012EPSS

2020-02-19 01:15 PM
46
cve
cve

CVE-2011-3336

regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack...

7.5CVSS

7.2AI Score

0.061EPSS

2020-02-12 08:15 PM
88
cve
cve

CVE-2020-7060

When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information...

9.1CVSS

8.7AI Score

0.004EPSS

2020-02-10 08:15 AM
485
8
cve
cve

CVE-2020-7059

When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or...

9.1CVSS

8.7AI Score

0.004EPSS

2020-02-10 08:15 AM
544
5
cve
cve

CVE-2015-6497

The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData...

8.8CVSS

8.7AI Score

0.032EPSS

2020-01-15 05:15 PM
32
cve
cve

CVE-2015-2325

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a...

7.8CVSS

6.6AI Score

0.002EPSS

2020-01-14 05:15 PM
63
5
cve
cve

CVE-2019-10774

php-shellcommand versions before 1.6.1 have a command injection vulnerability. Successful exploitation could lead to arbitrary code...

9.8CVSS

9.7AI Score

0.005EPSS

2019-12-30 05:15 PM
28
cve
cve

CVE-2011-1939

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before...

9.8CVSS

9.9AI Score

0.013EPSS

2019-11-26 10:15 PM
185
cve
cve

CVE-2010-4657

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting...

7.5CVSS

7.4AI Score

0.008EPSS

2019-11-13 09:15 PM
132
cve
cve

CVE-2015-8980

The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary...

9.8CVSS

9.5AI Score

0.008EPSS

2019-11-04 09:15 PM
55
cve
cve

CVE-2016-7398

A type confusion vulnerability in the merge_param() function of php_http_params.c in PHP's pecl-http extension 3.1.0beta2 (PHP 7) and earlier as well as 2.6.0beta2 (PHP 5) and earlier allows attackers to crash PHP and possibly execute arbitrary code via crafted HTTP...

9.8CVSS

9.7AI Score

0.003EPSS

2019-09-06 07:15 PM
93
cve
cve

CVE-2019-14470

cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description...

6.1CVSS

5.8AI Score

0.751EPSS

2019-09-04 08:15 PM
144
cve
cve

CVE-2019-1010028

phpscriptsmall.com School College Portal with ERP Script 2.6.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attack administrators and teachers, students and more. The component is: /pro-school/index.php?student/message/send_reply/. The attack vector is:...

6.1CVSS

6.2AI Score

0.001EPSS

2019-07-15 04:15 AM
146
cve
cve

CVE-2017-7189

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a security risk if the explicitly provided port number...

7.5CVSS

7.3AI Score

0.002EPSS

2019-07-10 03:15 PM
71
cve
cve

CVE-2019-11039

Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or...

9.1CVSS

8.9AI Score

0.009EPSS

2019-06-19 12:15 AM
552
cve
cve

CVE-2019-11040

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to...

9.1CVSS

8.8AI Score

0.008EPSS

2019-06-19 12:15 AM
557
cve
cve

CVE-2019-12099

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar...

8.8CVSS

8.7AI Score

0.071EPSS

2019-05-14 09:29 PM
27
cve
cve

CVE-2019-11035

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or...

9.1CVSS

8.8AI Score

0.006EPSS

2019-04-18 05:29 PM
377
cve
cve

CVE-2019-11034

When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or...

9.1CVSS

8.8AI Score

0.014EPSS

2019-04-18 05:29 PM
400
cve
cve

CVE-2019-9605

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture...

5.4CVSS

5.4AI Score

0.001EPSS

2019-03-29 02:29 PM
19
cve
cve

CVE-2019-9604

PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Cross-Site Request Forgery (CSRF) for Edit Profile...

8.8CVSS

8.9AI Score

0.001EPSS

2019-03-29 02:29 PM
17
cve
cve

CVE-2019-9637

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesystems is implemented, it is possible that file being renamed is briefly available with wrong permissions while the rename is ongoing, thus enabling unauthorized users to.....

7.5CVSS

8.3AI Score

0.004EPSS

2019-03-09 12:29 AM
735
cve
cve

CVE-2019-9638

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to...

7.5CVSS

8.3AI Score

0.003EPSS

2019-03-09 12:29 AM
681
cve
cve

CVE-2019-9640

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in...

7.5CVSS

8.4AI Score

0.003EPSS

2019-03-09 12:29 AM
356
cve
cve

CVE-2019-9639

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len...

7.5CVSS

8.3AI Score

0.005EPSS

2019-03-09 12:29 AM
670
cve
cve

CVE-2019-9641

An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in...

9.8CVSS

9.2AI Score

0.029EPSS

2019-03-09 12:29 AM
2383
2
cve
cve

CVE-2019-9066

PHP Scripts Mall PHP Appointment Booking Script 3.0.3 allows HTML injection in a user...

5.4CVSS

5.7AI Score

0.001EPSS

2019-02-23 09:29 PM
25
cve
cve

CVE-2019-9020

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the function xmlrpc_decode() can lead to an invalid memory access (heap out of bounds read or read after free). This is related to xml_elem_parse_buf in...

9.8CVSS

8.4AI Score

0.004EPSS

2019-02-22 11:29 PM
1434
cve
cve

CVE-2019-9025

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the...

9.8CVSS

9.3AI Score

0.002EPSS

2019-02-22 11:29 PM
71
cve
cve

CVE-2019-9022

An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS response, which can allow a hostile DNS server to cause PHP to misuse memcpy, leading to read operations going past the buffer allocated for DNS data. This affects...

7.5CVSS

8.3AI Score

0.606EPSS

2019-02-22 11:29 PM
509
cve
cve

CVE-2019-9024

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can allow a hostile XMLRPC server to cause PHP to read memory outside of allocated areas in base64_decode_xmlrpc in...

7.5CVSS

8.3AI Score

0.011EPSS

2019-02-22 11:29 PM
1126
cve
cve

CVE-2019-9021

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer over-read in PHAR reading functions in the PHAR extension may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse the...

9.8CVSS

8.5AI Score

0.013EPSS

2019-02-22 11:29 PM
1152
cve
cve

CVE-2019-9023

An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-based buffer over-read instances are present in mbstring regular expression functions when supplied with invalid multibyte data. These occur in...

9.8CVSS

8.5AI Score

0.005EPSS

2019-02-22 11:29 PM
981
cve
cve

CVE-2018-20783

In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading functions may allow an attacker to read allocated or unallocated memory past the actual data when trying to parse a .phar file. This is related to phar_parse_pharfile in...

7.5CVSS

8.4AI Score

0.006EPSS

2019-02-21 07:29 PM
533
cve
cve

CVE-2018-1000888

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter (such as file_exists, is_file, is_dir, etc). When extract is called without a specific prefix path, we can...

8.8CVSS

8.8AI Score

0.007EPSS

2018-12-28 04:29 PM
224
cve
cve

CVE-2018-19935

ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail...

7.5CVSS

7.3AI Score

0.026EPSS

2018-12-07 09:29 AM
2551
cve
cve

CVE-2018-19785

PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in...

6.1CVSS

5.9AI Score

0.001EPSS

2018-12-01 12:29 AM
18
cve
cve

CVE-2018-19784

The str_rot_pass function in vendor/atholn1600/php-proxy/src/helpers.php in PHP-Proxy 5.1.0 uses weak cryptography, which makes it easier for attackers to calculate the authorization data needed for local file...

7.5CVSS

7.3AI Score

0.007EPSS

2018-12-01 12:29 AM
16
Total number of security vulnerabilities1262