php.cgi allows attackers to read any file on the system.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.00%
Published
1997-08-01
Updated
2022-08-17
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
Source: MITRE
Max CVSS
10.0
EPSS Score
6.40%
Published
2000-01-04
Updated
2008-09-10
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
Source: MITRE
Max CVSS
10.0
EPSS Score
34.05%
Published
2000-12-19
Updated
2018-05-03
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.38%
Published
2003-11-17
Updated
2018-10-30
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.38%
Published
2003-11-17
Updated
2018-10-30
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
Source: MITRE
Max CVSS
10.0
EPSS Score
92.00%
Published
2004-08-06
Updated
2022-07-01
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.87%
Published
2005-01-10
Updated
2020-12-08
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
Source: MITRE
Max CVSS
10.0
EPSS Score
5.32%
Published
2005-01-10
Updated
2018-10-30
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.28%
Published
2005-01-10
Updated
2020-12-08
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.69%
Published
2005-01-10
Updated
2020-12-08
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
Source: MITRE
Max CVSS
10.0
EPSS Score
13.41%
Published
2005-01-10
Updated
2018-10-30
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
Source: MITRE
Max CVSS
10.0
EPSS Score
4.17%
Published
2006-08-31
Updated
2018-10-30
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
57.96%
Published
2006-10-10
Updated
2018-10-30
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.13%
Published
2007-05-24
Updated
2008-09-11
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
3.46%
Published
2007-02-13
Updated
2018-10-30
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.21%
Published
2007-03-10
Updated
2008-09-05
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from a remote PHP interpreter via avatar upload or blog pingback.
Source: MITRE
Max CVSS
10.0
EPSS Score
82.66%
Published
2007-03-10
Updated
2017-07-29
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
24.54%
Published
2008-05-05
Updated
2024-02-02
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
1.84%
Published
2008-05-05
Updated
2023-02-13
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
1.97%
Published
2008-05-05
Updated
2018-10-11
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion, related to the (1) mb_convert_encoding, (2) mb_check_encoding, (3) mb_convert_variables, and (4) mb_parse_str functions.
Source: MITRE
Max CVSS
10.0
EPSS Score
3.74%
Published
2008-12-23
Updated
2018-10-11
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
1.46%
Published
2009-12-21
Updated
2018-10-30
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
Source: MITRE
Max CVSS
10.0
EPSS Score
1.31%
Published
2011-08-25
Updated
2017-08-29
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
25.60%
Published
2012-05-21
Updated
2017-08-29
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
Source: Red Hat, Inc.
Max CVSS
10.0
EPSS Score
16.30%
Published
2012-07-20
Updated
2017-12-22
687 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!