PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2020-7065

около 6 лет назад

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.

CVSS3: 8.8

EPSS: Низкий

CVE-2020-7064

около 6 лет назад

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

CVSS3: 5.4

EPSS: Низкий

BDU:2020-01677

около 6 лет назад

Уязвимость функции mb_strtolower () при использовании кодировки UTF-32LE интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код

CVSS3: 8.8

EPSS: Низкий

BDU:2020-02387

около 6 лет назад

Уязвимость реализации функции get_headers() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

CVSS3: 4.3

EPSS: Низкий

CVE-2020-7063

около 6 лет назад

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

CVSS3: 5.5

EPSS: Низкий

CVE-2020-7063

около 6 лет назад

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...

CVSS3: 5.5

EPSS: Низкий

CVE-2020-7062

около 6 лет назад

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

CVSS3: 7.5

EPSS: Низкий

CVE-2020-7062

около 6 лет назад

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...

CVSS3: 7.5

EPSS: Низкий

CVE-2020-7061

около 6 лет назад

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

CVSS3: 6.5

EPSS: Низкий

CVE-2020-7061

около 6 лет назад

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...

CVSS3: 6.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2020-7065 In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.	CVSS3: 8.8	5% Низкий	около 6 лет назад
CVE-2020-7064 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.	CVSS3: 5.4	2% Низкий	около 6 лет назад
BDU:2020-01677 Уязвимость функции mb_strtolower () при использовании кодировки UTF-32LE интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольный код	CVSS3: 8.8	5% Низкий	около 6 лет назад
BDU:2020-02387 Уязвимость реализации функции get_headers() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации	CVSS3: 4.3	2% Низкий	около 6 лет назад
CVE-2020-7063 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.	CVSS3: 5.5	0% Низкий	около 6 лет назад
CVE-2020-7063 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...	CVSS3: 5.5	0% Низкий	около 6 лет назад
CVE-2020-7062 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.	CVSS3: 7.5	1% Низкий	около 6 лет назад
CVE-2020-7062 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...	CVSS3: 7.5	1% Низкий	около 6 лет назад
CVE-2020-7061 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.	CVSS3: 6.5	3% Низкий	около 6 лет назад
CVE-2020-7061 In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...	CVSS3: 6.5	3% Низкий	около 6 лет назад

Уязвимостей на страницу