PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification.

Уязвимость PHP-библиотеки генерации PDF-документов из HTML-разметки и CSS-стилей Dompdf, связанная с неверным порядком проверки авторизация перед синтаксическим анализом и канонизацией, позволяющая нарушителю удалить произвольные файлы или выполнить произвольный код

Security update for php7

Security update for php8

Security update for php7

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.

Уязвимость функции верификации пароля языка программирования PHP, связанная с недостаточным вычислением хеша пароля, позволяющая нарушителю оказать воздействие на целостность данных

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imagelo ...