Lucene search

Php Security Vulnerabilities

cve

CVE-2006-3016

Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting...

6.4AI Score

0.011EPSS

2006-06-14 11:02 PM

cve

CVE-2006-3018

Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.

6.4AI Score

0.026EPSS

2006-06-14 11:02 PM

cve

CVE-2006-7205

The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.

6.3AI Score

0.004EPSS

2007-05-24 02:30 AM