PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2021-21702

около 5 лет назад

In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.

CVSS3: 7.5

EPSS: Низкий

openSUSE-SU-2021:0106-1

около 5 лет назад

Security update for php7

EPSS: Низкий

openSUSE-SU-2021:0101-1

около 5 лет назад

Security update for php7

EPSS: Низкий

SUSE-SU-2021:0126-1

около 5 лет назад

Security update for php74

EPSS: Низкий

SUSE-SU-2021:0125-1

около 5 лет назад

Security update for php72

EPSS: Низкий

SUSE-SU-2021:0124-1

около 5 лет назад

Security update for php7

EPSS: Низкий

CVE-2020-7071

около 5 лет назад

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

CVSS3: 5.3

EPSS: Низкий

SUSE-SU-2020:14516-1

больше 5 лет назад

Security update for php53

EPSS: Средний

SUSE-SU-2020:2920-1

больше 5 лет назад

Security update for php7

EPSS: Средний

SUSE-SU-2020:2894-1

больше 5 лет назад

Security update for php5

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2021-21702 In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.	CVSS3: 7.5	0% Низкий	около 5 лет назад
openSUSE-SU-2021:0106-1 Security update for php7		7% Низкий	около 5 лет назад
openSUSE-SU-2021:0101-1 Security update for php7		7% Низкий	около 5 лет назад
SUSE-SU-2021:0126-1 Security update for php74		7% Низкий	около 5 лет назад
SUSE-SU-2021:0125-1 Security update for php72		7% Низкий	около 5 лет назад
SUSE-SU-2021:0124-1 Security update for php7		7% Низкий	около 5 лет назад
CVE-2020-7071 In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.	CVSS3: 5.3	7% Низкий	около 5 лет назад
SUSE-SU-2020:14516-1 Security update for php53		26% Средний	больше 5 лет назад
SUSE-SU-2020:2920-1 Security update for php7		26% Средний	больше 5 лет назад
SUSE-SU-2020:2894-1 Security update for php5		26% Средний	больше 5 лет назад

Уязвимостей на страницу