PHP

PHP is a popular general-purpose scripting language that is especially suited to web development.

Release cycle and vulnerability information

Product: PHP
Vendor: php

Release schedule

[Release schedule chart: PHP versions 8.2, 8.3, 8.4, 8.5 on a 2022 to 2030 timeline]

Recent PHP vulnerabilities

Count: 3,883


| Source | Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|---|
| NVD | CVE-2015-6834 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization. | CVSS3: 9.8 | 37% (Medium) | more than 9 years ago |
| Debian | CVE-2015-6834 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x be ... | CVSS3: 9.8 | 37% (Medium) | more than 9 years ago |
| NVD | CVE-2015-5589 | The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. | CVSS3: 9.8 | 10% (Medium) | more than 9 years ago |
| Debian | CVE-2015-5589 | The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ... | CVSS3: 9.8 | 10% (Medium) | more than 9 years ago |
| NVD | CVE-2015-4644 | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table names, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1352. | CVSS3: 7.5 | 10% (Low) | more than 9 years ago |
| Debian | CVE-2015-4644 | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ... | CVSS3: 7.5 | 10% (Low) | more than 9 years ago |
| NVD | CVE-2015-4643 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022. | CVSS3: 9.8 | 9% (Low) | more than 9 years ago |
| Debian | CVE-2015-4643 | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ... | CVSS3: 9.8 | 9% (Low) | more than 9 years ago |
| NVD | CVE-2015-4642 | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function. | CVSS3: 9.8 | 6% (Low) | more than 9 years ago |
| Debian | CVE-2015-4642 | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ... | CVSS3: 9.8 | 6% (Low) | more than 9 years ago |
