PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ...
CVE-2011-1939
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ...
CVE-2019-19246
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...
CVE-2010-4657
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.
BDU:2022-02599
Уязвимость компонента XMLWriter интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2011-1939 SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and ... | CVSS3: 9.8 | 9% Низкий | почти 6 лет назад |
 | CVE-2011-1939 SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | CVSS3: 9.8 | 9% Низкий | почти 6 лет назад |
 | CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | CVSS3: 7.5 | 0% Низкий | почти 6 лет назад |
| CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has ... | CVSS3: 7.5 | 0% Низкий | почти 6 лет назад |
| CVE-2019-19246 Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. | CVSS3: 7.5 | 0% Низкий | почти 6 лет назад |
 | CVE-2019-11044 In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access. | 6% Низкий | почти 6 лет назад | |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | CVSS3: 7.5 | 2% Низкий | около 6 лет назад |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ... | CVSS3: 7.5 | 2% Низкий | около 6 лет назад |
| CVE-2010-4657 PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. | CVSS3: 7.5 | 2% Низкий | около 6 лет назад |
 | BDU:2022-02599 Уязвимость компонента XMLWriter интерпретатора языка программирования PHP, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 7.5 | 2% Низкий | около 6 лет назад |
Уязвимостей на страницу