PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 883

CVE-2015-4148

больше 10 лет назад

The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...

CVSS2: 5

EPSS: Средний

CVE-2015-4147

больше 10 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.

CVSS2: 7.5

EPSS: Средний

CVE-2015-4147

больше 10 лет назад

The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...

CVSS2: 7.5

EPSS: Средний

CVE-2015-4026

больше 10 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVSS2: 7.5

EPSS: Низкий

CVE-2015-4026

больше 10 лет назад

The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ...

CVSS2: 7.5

EPSS: Низкий

CVE-2015-4025

больше 10 лет назад

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

CVSS2: 7.5

EPSS: Низкий

CVE-2015-4025

больше 10 лет назад

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncat ...

CVSS2: 7.5

EPSS: Низкий

CVE-2015-4024

больше 10 лет назад

Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.

CVSS2: 5

EPSS: Высокий

CVE-2015-4024

больше 10 лет назад

Algorithmic complexity vulnerability in the multipart_buffer_headers f ...

CVSS2: 5

EPSS: Высокий

CVE-2015-4022

больше 10 лет назад

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.

CVSS2: 7.5

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2015-4148 The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5 ...	CVSS2: 5	17% Средний	больше 10 лет назад
CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue.	CVSS2: 7.5	51% Средний	больше 10 лет назад
CVE-2015-4147 The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...	CVSS2: 7.5	51% Средний	больше 10 лет назад
CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.	CVSS2: 7.5	10% Низкий	больше 10 лет назад
CVE-2015-4026 The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.2 ...	CVSS2: 7.5	10% Низкий	больше 10 лет назад
CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.	CVSS2: 7.5	6% Низкий	больше 10 лет назад
CVE-2015-4025 PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncat ...	CVSS2: 7.5	6% Низкий	больше 10 лет назад
CVE-2015-4024 Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.	CVSS2: 5	76% Высокий	больше 10 лет назад
CVE-2015-4024 Algorithmic complexity vulnerability in the multipart_buffer_headers f ...	CVSS2: 5	76% Высокий	больше 10 лет назад
CVE-2015-4022 Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow.	CVSS2: 7.5	21% Средний	больше 10 лет назад

Уязвимостей на страницу