PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 883
CVE-2008-7002
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 al ...
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
CVE-2011-1471
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls.
CVE-2009-4018
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.
CVE-2009-2687
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
CVE-2009-1272
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
CVE-2009-1272
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ...
CVE-2009-1271
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2008-7002 PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation. | CVSS2: 7.2 | 0% Низкий | больше 16 лет назад |
 | CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | CVSS2: 4.3 | 12% Средний | больше 16 лет назад |
| CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 al ... | CVSS2: 4.3 | 12% Средний | больше 16 лет назад |
| CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | CVSS2: 4.3 | 12% Средний | больше 16 лет назад |
 | CVE-2011-1471 Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (CPU consumption) via a malformed archive file that triggers errors in zip_fread function calls. | CVSS2: 4.3 | 7% Низкий | больше 16 лет назад |
| CVE-2009-4018 The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable. | CVSS2: 3.3 | 22% Средний | больше 16 лет назад |
| CVE-2009-2687 The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353. | CVSS2: 5.8 | 12% Средний | больше 16 лет назад |
| CVE-2009-1272 The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction. | CVSS2: 5 | 2% Низкий | почти 17 лет назад |
| CVE-2009-1272 The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x befo ... | CVSS2: 5 | 2% Низкий | почти 17 лет назад |
| CVE-2009-1271 The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function. | CVSS2: 5 | 10% Средний | почти 17 лет назад |
Уязвимостей на страницу