Логотип exploitDog
product: "php"
Консоль
Логотип exploitDog

exploitDog

product: "php"
PHP

PHPпопулярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP
Вендор: php

График релизов

8.18.28.38.4202120222023202420252026202720282029

Недавние уязвимости PHP

Количество 3 799

debian логотип

CVE-2008-7068

почти 16 лет назад

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...

CVSS2: 6.4
EPSS: Низкий
ubuntu логотип

CVE-2008-7068

почти 16 лет назад

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2008-7002

почти 16 лет назад

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

CVSS2: 7.2
EPSS: Низкий
debian логотип

CVE-2008-7002

почти 16 лет назад

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2009-2687

почти 16 лет назад

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 4.3
EPSS: Средний
debian логотип

CVE-2009-2687

почти 16 лет назад

The exif_read_data function in the Exif module in PHP before 5.2.10 al ...

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2009-2687

почти 16 лет назад

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 4.3
EPSS: Средний
redhat логотип

CVE-2011-1471

почти 16 лет назад

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

CVSS2: 4.3
EPSS: Низкий
redhat логотип

CVE-2009-4018

почти 16 лет назад

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

CVSS2: 3.3
EPSS: Средний
redhat логотип

CVE-2009-2687

около 16 лет назад

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 5.8
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
debian логотип
CVE-2008-7068

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...

CVSS2: 6.4
1%
Низкий
почти 16 лет назад
ubuntu логотип
CVE-2008-7068

The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.

CVSS2: 6.4
1%
Низкий
почти 16 лет назад
nvd логотип
CVE-2008-7002

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.

CVSS2: 7.2
0%
Низкий
почти 16 лет назад
debian логотип
CVE-2008-7002

PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...

CVSS2: 7.2
0%
Низкий
почти 16 лет назад
nvd логотип
CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 4.3
11%
Средний
почти 16 лет назад
debian логотип
CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 al ...

CVSS2: 4.3
11%
Средний
почти 16 лет назад
ubuntu логотип
CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 4.3
11%
Средний
почти 16 лет назад
redhat логотип
CVE-2011-1471

Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.

CVSS2: 4.3
9%
Низкий
почти 16 лет назад
redhat логотип
CVE-2009-4018

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

CVSS2: 3.3
18%
Средний
почти 16 лет назад
redhat логотип
CVE-2009-2687

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS2: 5.8
11%
Средний
около 16 лет назад

Уязвимостей на страницу


Поделиться