PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2021-29399

почти 5 лет назад

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.

CVSS3: 6.1

EPSS: Низкий

SUSE-SU-2021:14668-1

почти 5 лет назад

Security update for php53

EPSS: Низкий

SUSE-SU-2021:0584-1

почти 5 лет назад

Security update for php7

EPSS: Низкий

SUSE-SU-2021:0522-1

почти 5 лет назад

Security update for php74

EPSS: Низкий

openSUSE-SU-2021:0305-1

почти 5 лет назад

Security update for php7

EPSS: Низкий

SUSE-SU-2021:0498-1

почти 5 лет назад

Security update for php72

EPSS: Низкий

SUSE-SU-2021:0494-1

почти 5 лет назад

Security update for php7

EPSS: Низкий

CVE-2021-21702

почти 5 лет назад

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

CVSS3: 5.3

EPSS: Низкий

CVE-2021-21702

почти 5 лет назад

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...

CVSS3: 5.3

EPSS: Низкий

CVE-2020-7071

почти 5 лет назад

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

CVSS3: 5.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2021-29399 XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.	CVSS3: 6.1	1% Низкий	почти 5 лет назад
SUSE-SU-2021:14668-1 Security update for php53		0% Низкий	почти 5 лет назад
SUSE-SU-2021:0584-1 Security update for php7		0% Низкий	почти 5 лет назад
SUSE-SU-2021:0522-1 Security update for php74		0% Низкий	почти 5 лет назад
openSUSE-SU-2021:0305-1 Security update for php7		0% Низкий	почти 5 лет назад
SUSE-SU-2021:0498-1 Security update for php72		0% Низкий	почти 5 лет назад
SUSE-SU-2021:0494-1 Security update for php7		0% Низкий	почти 5 лет назад
CVE-2021-21702 In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.	CVSS3: 5.3	0% Низкий	почти 5 лет назад
CVE-2021-21702 In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below ...	CVSS3: 5.3	0% Низкий	почти 5 лет назад
CVE-2020-7071 In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.	CVSS3: 5.3	7% Низкий	почти 5 лет назад

Уязвимостей на страницу