PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
BDU:2020-05179
Уязвимость интерпретатора языка программирования PHP, связанная с целочисленным переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
BDU:2020-05806
Уязвимость функции urldecode() интерпретатора языка программирования PHP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к защищаемой информации
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ... | CVSS3: 5.3 | 13% Средний | почти 6 лет назад |
 | CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | CVSS3: 5.3 | 13% Средний | почти 6 лет назад |
 | CVE-2020-7069 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data. | CVSS3: 6.5 | 8% Низкий | почти 6 лет назад |
| CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. | CVSS3: 7.5 | 13% Средний | почти 6 лет назад |
 | BDU:2020-05179 Уязвимость интерпретатора языка программирования PHP, связанная с целочисленным переполнением буфера, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 13% Средний | почти 6 лет назад |
 | CVE-2020-7067 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. | CVSS3: 7.5 | 10% Низкий | почти 6 лет назад |
| CVE-2020-7067 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ... | CVSS3: 7.5 | 10% Низкий | почти 6 лет назад |
| CVE-2020-7067 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. | CVSS3: 7.5 | 10% Низкий | почти 6 лет назад |
| BDU:2020-05806 Уязвимость функции urldecode() интерпретатора языка программирования PHP, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к защищаемой информации | CVSS3: 7.5 | 10% Низкий | почти 6 лет назад |
| CVE-2020-7067 In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes. | CVSS3: 5.9 | 10% Низкий | почти 6 лет назад |
Уязвимостей на страницу