PHP is a popular general-purpose scripting language that is especially suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3 889
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2016-10712 In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is data:text/plain;uri=eviluri, -- in other words, metadata can be set by an attacker. | CVSS3: 7.5 | 1% Low | about 8 years ago |
| BDU:2022-02561 A vulnerability in the stream_get_meta_data function of the PHP programming language interpreter exists due to insufficient input validation, allowing an attacker to affect the integrity of information | CVSS3: 7.5 | 1% Low | about 8 years ago |
| openSUSE-SU-2018:0316-1 Security update for gd | | 8% Low | about 8 years ago |
| SUSE-SU-2018:0260-1 Security update for gd | | 8% Low | about 8 years ago |
| SUSE-SU-2018:0235-1 Security update for gd | | 8% Low | about 8 years ago |
| CVE-2018-5712 An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | CVSS3: 6.1 | 89% High | about 8 years ago |
| CVE-2018-5711 gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. | CVSS3: 5.5 | 8% Low | about 8 years ago |