PHP » PHP » 4.0.1 patch2 : Security Vulnerabilities, CVEs, Published In 2003
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
Max CVSS
10.0
EPSS Score
0.38%
Published
2003-11-17
Updated
2018-10-30
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
Max CVSS
10.0
EPSS Score
0.38%
Published
2003-11-17
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter.
Max CVSS
4.3
EPSS Score
1.97%
Published
2003-07-24
Updated
2018-05-03
Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.
Max CVSS
7.5
EPSS Score
10.97%
Published
2003-04-02
Updated
2018-10-30
4 vulnerabilities found