PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

openSUSE-SU-2021:0101-1

почти 5 лет назад

Security update for php7

EPSS: Низкий

SUSE-SU-2021:0126-1

почти 5 лет назад

Security update for php74

EPSS: Низкий

SUSE-SU-2021:0125-1

почти 5 лет назад

Security update for php72

EPSS: Низкий

SUSE-SU-2021:0124-1

почти 5 лет назад

Security update for php7

EPSS: Низкий

CVE-2020-7071

почти 5 лет назад

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

CVSS3: 5.3

EPSS: Низкий

SUSE-SU-2020:14516-1

около 5 лет назад

Security update for php53

EPSS: Средний

SUSE-SU-2020:2920-1

около 5 лет назад

Security update for php7

EPSS: Средний

SUSE-SU-2020:2894-1

около 5 лет назад

Security update for php5

EPSS: Средний

CVE-2020-7070

около 5 лет назад

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.

CVSS3: 4.3

EPSS: Средний

CVE-2020-7070

около 5 лет назад

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...

CVSS3: 4.3

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
openSUSE-SU-2021:0101-1 Security update for php7		7% Низкий	почти 5 лет назад
SUSE-SU-2021:0126-1 Security update for php74		7% Низкий	почти 5 лет назад
SUSE-SU-2021:0125-1 Security update for php72		7% Низкий	почти 5 лет назад
SUSE-SU-2021:0124-1 Security update for php7		7% Низкий	почти 5 лет назад
CVE-2020-7071 In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.	CVSS3: 5.3	7% Низкий	почти 5 лет назад
SUSE-SU-2020:14516-1 Security update for php53		26% Средний	около 5 лет назад
SUSE-SU-2020:2920-1 Security update for php7		26% Средний	около 5 лет назад
SUSE-SU-2020:2894-1 Security update for php5		26% Средний	около 5 лет назад
CVE-2020-7070 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. See also CVE-2020-8184 for more information.	CVSS3: 4.3	26% Средний	около 5 лет назад
CVE-2020-7070 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...	CVSS3: 4.3	26% Средний	около 5 лет назад

Уязвимостей на страницу