PHP is a popular general-purpose scripting language that is especially well suited to web development.
Release cycle, vulnerability information
Release schedule
Count: 3,883
| Vulnerability | Description | CVSS | EPSS | Published |
|---|---|---|---|---|
| CVE-2012-1171 | The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | CVSS2: 5 | 0% Low | almost 14 years ago |
| CVE-2012-1172 | The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or conduct directory traversal attacks during multi-file uploads by leveraging a script that lacks its own filename restrictions. | CVSS2: 6.4 | 12% Medium | almost 14 years ago |
| CVE-2012-0789 | Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache. | CVSS2: 5 | 8% Low | almost 14 years ago |
| CVE-2012-0788 | The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server. | CVSS2: 5 | 7% Low | almost 14 years ago |
| BDU:2022-02623 | Vulnerability in the timezone function of the PHP programming language interpreter that allows an attacker to cause a denial of service | CVSS3: 3.7 | 8% Low | almost 14 years ago |
| BDU:2022-02603 | Vulnerability in the PDORow implementation of the PHP programming language interpreter that allows an attacker to cause a denial of service | CVSS3: 3.7 | 7% Low | almost 14 years ago |