PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
openSUSE-SU-2018:2929-1
Security update for php7
SUSE-SU-2018:2887-1
Security update for php7
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ...
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
CVE-2018-17082
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c.
openSUSE-SU-2018:2648-1
Security update for php7
SUSE-SU-2018:2640-1
Security update for php7
CVE-2018-15132
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories.
CVE-2018-15132
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | openSUSE-SU-2018:2929-1 Security update for php7 | 8% Низкий | больше 7 лет назад | |
| SUSE-SU-2018:2887-1 Security update for php7 | 8% Низкий | больше 7 лет назад | |
 | CVE-2018-17082 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | CVSS3: 6.1 | 8% Низкий | больше 7 лет назад |
| CVE-2018-17082 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x ... | CVSS3: 6.1 | 8% Низкий | больше 7 лет назад |
 | CVE-2018-17082 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | CVSS3: 6.1 | 8% Низкий | больше 7 лет назад |
 | CVE-2018-17082 The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | CVSS3: 4.7 | 8% Низкий | больше 7 лет назад |
| openSUSE-SU-2018:2648-1 Security update for php7 | 0% Низкий | больше 7 лет назад | |
| SUSE-SU-2018:2640-1 Security update for php7 | 0% Низкий | больше 7 лет назад | |
| CVE-2018-15132 An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. | CVSS3: 7.5 | 5% Низкий | больше 7 лет назад |
| CVE-2018-15132 An issue was discovered in ext/standard/link_win32.c in PHP before 5.6 ... | CVSS3: 7.5 | 5% Низкий | больше 7 лет назад |
Уязвимостей на страницу