| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 1 | CVE-2021-21704 | 787 | | DoS Mem. Corr. | 2021-10-04 | 2022-10-25 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption. |
| 2 | CVE-2020-7066 | | | | 2020-04-01 | 2022-05-08 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. |
| 3 | CVE-2020-7062 | 476 | | | 2020-02-27 | 2022-01-01 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash. |
| 4 | CVE-2019-11045 | 74 | | | 2019-12-23 | 2022-12-20 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. |
| 5 | CVE-2018-17082 | 79 | | XSS | 2018-09-16 | 2019-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. |
| 6 | CVE-2018-14851 | 125 | | DoS | 2018-08-02 | 2019-08-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG file. |
| 7 | CVE-2018-10547 | 79 | | XSS | 2018-04-29 | 2019-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. |
| 8 | CVE-2018-5712 | 79 | | XSS | 2018-01-16 | 2019-08-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. |
| 9 | CVE-2018-5711 | 681 | | | 2018-01-16 | 2019-10-03 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. |
| 10 | CVE-2017-9067 | 22 | | Dir. Trav. | 2017-05-18 | 2017-05-31 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial |
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal. |
| 11 | CVE-2017-7890 | 200 | | +Info | 2017-08-02 | 2018-05-04 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information. |
| 12 | CVE-2016-6292 | 476 | | DoS | 2016-07-25 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted JPEG image. |
| 13 | CVE-2016-6207 | 119 | | DoS Overflow | 2016-08-12 | 2022-08-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors. |
| 14 | CVE-2015-8935 | 79 | | XSS | 2016-08-07 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function. |
| 15 | CVE-2015-8838 | 284 | | | 2016-05-16 | 2016-12-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. |
| 16 | CVE-2015-3152 | 295 | | | 2016-05-16 | 2022-08-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack. |
| 17 | CVE-2015-2326 | 125 | | DoS | 2020-01-14 | 2023-01-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". |
| 18 | CVE-2014-9767 | 22 | | Dir. Trav. | 2016-05-22 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 and ext/zip/ext_zip.cpp in HHVM before 3.12.1 allows remote attackers to create arbitrary empty directories via a crafted ZIP archive. |
| 19 | CVE-2014-4698 | | | DoS | 2014-07-10 | 2023-01-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments. |
| 20 | CVE-2014-4670 | | | DoS | 2014-07-10 | 2017-01-07 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments. |
| 21 | CVE-2014-3587 | 189 | | DoS Overflow | 2014-08-23 | 2018-01-05 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. |
| 22 | CVE-2014-3487 | 20 | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate a stream offset, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
| 23 | CVE-2014-3480 | | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, does not properly validate sector-count data, which allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. |
| 24 | CVE-2014-3479 | | | DoS | 2014-07-09 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service (application crash) via a crafted stream offset in a CDF file. |
| 25 | CVE-2014-2497 | 476 | | DoS | 2014-03-21 | 2022-09-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. |
| 26 | CVE-2014-2270 | 119 | | DoS Overflow | 2014-03-14 | 2022-10-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE executable. |
| 27 | CVE-2014-0207 | 119 | | DoS Overflow | 2014-07-09 | 2022-09-28 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted CDF file. |
| 28 | CVE-2013-6501 | 74 | | | 2015-03-30 | 2016-11-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_sdl function in ext/soap/php_sdl.c. |
| 29 | CVE-2013-4636 | 20 | | DoS | 2013-06-21 | 2013-06-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. |
| 30 | CVE-2013-4248 | 20 | | | 2013-08-18 | 2016-11-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| 31 | CVE-2013-1824 | 611 | | | 2013-09-16 | 2023-02-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue in the soap_xmlParseFile and soap_xmlParseMemory functions. |
| 32 | CVE-2012-4388 | 20 | | Http R.Spl. Bypass | 2012-09-07 | 2023-02-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1398. |
| 33 | CVE-2012-2143 | 310 | | | 2012-07-05 | 2023-01-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password. |
| 34 | CVE-2011-3189 | 310 | | Bypass | 2011-08-25 | 2017-08-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed string, which might allow remote attackers to bypass authentication via an arbitrary password, a different vulnerability than CVE-2011-2483. |
| 35 | CVE-2011-1471 | 189 | | DoS | 2011-03-20 | 2023-01-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. |
| 36 | CVE-2011-1470 | 20 | | DoS | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a ziparchive stream that is not properly handled by the stream_get_contents function. |
| 37 | CVE-2011-1469 | | | DoS | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) by accessing an ftp:// URL during use of an HTTP proxy with the FTP wrapper. |
| 38 | CVE-2011-1468 | 399 | | DoS | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memory consumption) via (1) plaintext data to the openssl_encrypt function or (2) ciphertext data to the openssl_decrypt function. |
| 39 | CVE-2011-1464 | 119 | | DoS Overflow | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow context-dependent attackers to cause a denial of service (application crash) via a small numerical value in the argument. |
| 40 | CVE-2011-1398 | 20 | | Http R.Spl. Bypass | 2012-08-30 | 2013-10-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a crafted URL, related to improper interaction between the PHP header function and certain browsers, as demonstrated by Internet Explorer and Google Chrome. |
| 41 | CVE-2011-0753 | 362 | | DoS Mem. Corr. | 2011-02-02 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals. |
| 42 | CVE-2011-0708 | 119 | 1 | DoS Overflow | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) via an image with a crafted Image File Directory (IFD) that triggers a buffer over-read. |
| 43 | CVE-2011-0421 | | 1 | DoS | 2011-03-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation. |
| 44 | CVE-2010-3710 | 399 | | DoS | 2010-10-25 | 2016-08-23 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows remote attackers to cause a denial of service (memory consumption and application crash) via a long e-mail address string. |
| 45 | CVE-2010-3709 | 20 | 1 | DoS | 2010-11-09 | 2023-02-13 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted ZIP archive. |
| 46 | CVE-2010-2531 | 200 | | +Info | 2010-08-20 | 2023-01-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if display_errors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution time, or recursion. |
| 47 | CVE-2009-4142 | 79 | | XSS | 2009-12-21 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character. |
| 48 | CVE-2009-2687 | 20 | | DoS | 2009-08-05 | 2023-01-19 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. |
| 49 | CVE-2007-5899 | 200 | | +Info | 2007-11-20 | 2018-10-15 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. |
| 50 | CVE-2007-5447 | 264 | | Bypass | 2007-10-14 | 2017-09-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function. |