PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 866
CVE-2012-0789
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.
BDU:2022-02603
Уязвимость реализации PDORow интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-02623
Уязвимость функции timezone интерпретатора языка программирования PHP , позволяющая нарушителю вызвать отказ в обслуживании
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the ...
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...
CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-0789 Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. | CVSS2: 5 | 7% Низкий | больше 13 лет назад |
 | BDU:2022-02603 Уязвимость реализации PDORow интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 3.7 | 11% Средний | больше 13 лет назад |
| BDU:2022-02623 Уязвимость функции timezone интерпретатора языка программирования PHP , позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 3.7 | 7% Низкий | больше 13 лет назад |
 | CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | CVSS2: 6.8 | 10% Низкий | больше 13 лет назад |
| CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the ... | CVSS2: 6.8 | 10% Низкий | больше 13 лет назад |
| CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | CVSS2: 6.8 | 10% Низкий | больше 13 лет назад |
| CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. | CVSS2: 7.5 | 33% Средний | больше 13 лет назад |
| CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ... | CVSS2: 7.5 | 33% Средний | больше 13 лет назад |
| CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. | CVSS2: 7.5 | 33% Средний | больше 13 лет назад |
| CVE-2012-0057 PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | CVSS2: 6.4 | 1% Низкий | больше 13 лет назад |
Уязвимостей на страницу