PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

BDU:2022-02627

около 15 лет назад

Уязвимость функции mt_rand интерпретатора языка программирования PHP, позволяющая нарушителю прогнозировать возвращаемые значений

CVSS3: 5.3

EPSS: Низкий

CVE-2011-0421

около 15 лет назад

The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.

CVSS2: 2.6

EPSS: Низкий

CVE-2010-4700

около 15 лет назад

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.

CVSS2: 6.8

EPSS: Низкий

CVE-2010-4700

около 15 лет назад

The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...

CVSS2: 6.8

EPSS: Низкий

CVE-2010-4699

около 15 лет назад

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

CVSS2: 5

EPSS: Низкий

CVE-2010-4699

около 15 лет назад

The iconv_mime_decode_headers function in the Iconv extension in PHP b ...

CVSS2: 5

EPSS: Низкий

CVE-2010-4698

около 15 лет назад

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.

CVSS2: 5

EPSS: Низкий

CVE-2010-4698

около 15 лет назад

Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...

CVSS2: 5

EPSS: Низкий

CVE-2010-4697

около 15 лет назад

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.

CVSS2: 6.8

EPSS: Низкий

CVE-2010-4697

около 15 лет назад

Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...

CVSS2: 6.8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
BDU:2022-02627 Уязвимость функции mt_rand интерпретатора языка программирования PHP, позволяющая нарушителю прогнозировать возвращаемые значений	CVSS3: 5.3	0% Низкий	около 15 лет назад
CVE-2011-0421 The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.	CVSS2: 2.6	8% Низкий	около 15 лет назад
CVE-2010-4700 The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.	CVSS2: 6.8	0% Низкий	около 15 лет назад
CVE-2010-4700 The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...	CVSS2: 6.8	0% Низкий	около 15 лет назад
CVE-2010-4699 The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.	CVSS2: 5	0% Низкий	около 15 лет назад
CVE-2010-4699 The iconv_mime_decode_headers function in the Iconv extension in PHP b ...	CVSS2: 5	0% Низкий	около 15 лет назад
CVE-2010-4698 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.	CVSS2: 5	9% Низкий	около 15 лет назад
CVE-2010-4698 Stack-based buffer overflow in the GD extension in PHP before 5.2.15 a ...	CVSS2: 5	9% Низкий	около 15 лет назад
CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.	CVSS2: 6.8	1% Низкий	около 15 лет назад
CVE-2010-4697 Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 a ...	CVSS2: 6.8	1% Низкий	около 15 лет назад

Уязвимостей на страницу