PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 799
CVE-2007-4661
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872.
CVE-2007-4663
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
CVE-2007-4662
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
CVE-2007-4659
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
CVE-2007-4658
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4662
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...
CVE-2007-4658
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...
CVE-2007-4659
The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...
CVE-2007-4660
Unspecified vulnerability in the chunk_split function in PHP before 5. ...
CVE-2007-4661
The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-4661 The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting in a heap-based buffer overflow. NOTE: this is due to an incomplete fix for CVE-2007-2872. | CVSS2: 7.5 | 4% Низкий | почти 18 лет назад |
| CVE-2007-4663 Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function. | CVSS2: 7.5 | 1% Низкий | почти 18 лет назад |
| CVE-2007-4662 Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors. | CVSS2: 7.5 | 4% Низкий | почти 18 лет назад |
| CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
| CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
| CVE-2007-4662 Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ... | CVSS2: 7.5 | 4% Низкий | почти 18 лет назад |
| CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ... | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
| CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ... | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
| CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5. ... | CVSS2: 7.5 | 2% Низкий | почти 18 лет назад |
| CVE-2007-4661 The chunk_split function in string.c in PHP 5.2.3 does not properly ca ... | CVSS2: 7.5 | 4% Низкий | почти 18 лет назад |
Уязвимостей на страницу