exploitDog

product: "php"
PHP

PHP is a popular general-purpose scripting language that is especially suited to web development.

Release cycle, vulnerability information

Product: PHP
Vendor: php

Release schedule

[Release timeline chart: PHP 8.2, 8.3, 8.4, 8.5; time axis 2022 to 2030]

Recent PHP vulnerabilities

Count: 3,889

Source: NVD
CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

CVSS3: 7.3
EPSS: 2% (Low)
Published: about 10 years ago

Source: Debian
CVE-2015-6832

Use-after-free vulnerability in the SPL unserialize implementation in ...

CVSS3: 7.3
EPSS: 2% (Low)
Published: about 10 years ago

Source: NVD
CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

CVSS3: 7.3
EPSS: 1% (Low)
Published: about 10 years ago

Source: Debian
CVE-2015-6831

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5 ...

CVSS3: 7.3
EPSS: 1% (Low)
Published: about 10 years ago

Source: NVD
CVE-2015-6527

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

CVSS3: 7.3
EPSS: 2% (Low)
Published: about 10 years ago

Source: Debian
CVE-2015-6527

The php_str_replace_in_subject function in ext/standard/string.c in PH ...

CVSS3: 7.3
EPSS: 2% (Low)
Published: about 10 years ago

Source: NVD
CVE-2015-5590

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

CVSS3: 7.3
EPSS: 6% (Low)
Published: about 10 years ago

Source: Debian
CVE-2015-5590

Stack-based buffer overflow in the phar_fix_filepath function in ext/p ...

CVSS3: 7.3
EPSS: 6% (Low)
Published: about 10 years ago

Source: Ubuntu
CVE-2015-6833

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a ZIP archive entry that is mishandled during an extractTo call.

CVSS3: 7.5
EPSS: 0% (Low)
Published: about 10 years ago

Source: Ubuntu
CVE-2016-1904

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

CVSS3: 7.3
EPSS: 0% (Low)
Published: about 10 years ago
