PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 867

CVE-2015-6831

почти 10 лет назад

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

CVSS3: 7.3

EPSS: Низкий

CVE-2015-6831

почти 10 лет назад

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...

CVSS3: 7.3

EPSS: Низкий

CVE-2015-6527

почти 10 лет назад

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

CVSS3: 7.3

EPSS: Низкий

CVE-2015-6527

почти 10 лет назад

The php_str_replace_in_subject function in ext/standard/string.c in PH ...

CVSS3: 7.3

EPSS: Низкий

CVE-2015-5590

почти 10 лет назад

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

CVSS3: 7.3

EPSS: Низкий

CVE-2015-5590

почти 10 лет назад

Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...

CVSS3: 7.3

EPSS: Низкий

CVE-2015-6836

почти 10 лет назад

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

CVSS3: 7.3

EPSS: Низкий

CVE-2015-6833

почти 10 лет назад

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.

CVSS3: 7.5

EPSS: Низкий

CVE-2016-1903

почти 10 лет назад

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

CVSS3: 9.1

EPSS: Низкий

CVE-2015-6832

почти 10 лет назад

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CVSS3: 7.3

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-6831 Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.	CVSS3: 7.3	1% Низкий	почти 10 лет назад
CVE-2015-6831 Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...	CVSS3: 7.3	1% Низкий	почти 10 лет назад
CVE-2015-6527 The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.	CVSS3: 7.3	3% Низкий	почти 10 лет назад
CVE-2015-6527 The php_str_replace_in_subject function in ext/standard/string.c in PH ...	CVSS3: 7.3	3% Низкий	почти 10 лет назад
CVE-2015-5590 Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.	CVSS3: 7.3	6% Низкий	почти 10 лет назад
CVE-2015-5590 Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...	CVSS3: 7.3	6% Низкий	почти 10 лет назад
CVE-2015-6836 The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.	CVSS3: 7.3	3% Низкий	почти 10 лет назад
CVE-2015-6833 Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.	CVSS3: 7.5	0% Низкий	почти 10 лет назад
CVE-2016-1903 The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.	CVSS3: 9.1	9% Низкий	почти 10 лет назад
CVE-2015-6832 Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.	CVSS3: 7.3	2% Низкий	почти 10 лет назад

Уязвимостей на страницу