2 matches found
CVE-2016-4473
CVE-2016-4473 affects PHP Phar handling (phar_object.c); versions 7.0.7 and 5.6.x are impacted. A crafted Phar archive can trigger an invalid free in phar-compatible archive processing, enabling remote code execution. Debian security updates cite a patch (DLA-628-1) addressing this issue; other r...
CVE-2015-8866
CVE-2015-8866 describes a XXE/XEE vulnerability in PHP when using PHP-FPM, where libxml_disable_entity_loader changes are shared across threads, allowing crafted XML to exploit libxml. Affected versions include PHP prior to 5.5.22 and 5.6.x prior to 5.6.6; the issue stems from insufficient isolat...