PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 867
CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows ...
CVE-2012-0057
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.
CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
BDU:2022-02604
Уязвимость библиотеки libxslt интерпретатора языка программирования PHP, позволяющая нарушителю создать произвольные файлы
CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
CVE-2012-0781
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ...
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup f ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-0057 PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | CVSS2: 6.4 | 2% Низкий | почти 14 лет назад |
| CVE-2012-0057 PHP before 5.3.9 has improper libxslt security settings, which allows ... | CVSS2: 6.4 | 2% Низкий | почти 14 лет назад |
 | CVE-2012-0057 PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. | CVSS2: 6.4 | 2% Низкий | почти 14 лет назад |
 | CVE-2012-0831 PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c. | CVSS2: 2.6 | 11% Средний | почти 14 лет назад |
| CVE-2012-0830 The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885. | CVSS2: 7.5 | 31% Средний | почти 14 лет назад |
 | BDU:2022-02604 Уязвимость библиотеки libxslt интерпретатора языка программирования PHP, позволяющая нарушителю создать произвольные файлы | CVSS3: 4.8 | 2% Низкий | почти 14 лет назад |
| CVE-2012-0781 The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. | CVSS2: 5 | 4% Низкий | почти 14 лет назад |
| CVE-2012-0781 The tidy_diagnose function in PHP 5.3.8 might allow remote attackers t ... | CVSS2: 5 | 4% Низкий | почти 14 лет назад |
| CVE-2011-4153 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. | CVSS2: 5 | 6% Низкий | почти 14 лет назад |
| CVE-2011-4153 PHP 5.3.8 does not always check the return value of the zend_strndup f ... | CVSS2: 5 | 6% Низкий | почти 14 лет назад |
Уязвимостей на страницу