PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ...
CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
CVE-2007-4850
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563.
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when open_based ...
CVE-2008-0145
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
CVE-2007-5899
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID.
CVE-2007-6039
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
CVE-2007-6039
PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ...
CVE-2007-5899
The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2007-4850 curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5. ... | CVSS2: 5 | 13% Средний | около 18 лет назад |
 | CVE-2007-4850 curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | CVSS2: 5 | 13% Средний | около 18 лет назад |
 | CVE-2007-4850 curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vulnerability than CVE-2006-2563. | 13% Средний | около 18 лет назад | |
 | CVE-2008-0145 Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
| CVE-2008-0145 Unspecified vulnerability in glob in PHP before 4.4.8, when open_based ... | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
| CVE-2008-0145 Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663. | CVSS2: 7.5 | 1% Низкий | около 18 лет назад |
| CVE-2007-5899 The output_add_rewrite_var function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a local session ID. | CVSS2: 4.3 | 2% Низкий | больше 18 лет назад |
| CVE-2007-6039 PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the msgid1 parameter to the (4) dngettext or (5) ngettext function, or (6) the classname parameter to the stream_wrapper_register function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | CVSS2: 2.1 | 0% Низкий | больше 18 лет назад |
| CVE-2007-6039 PHP 5.2.5 and earlier allows context-dependent attackers to cause a de ... | CVSS2: 2.1 | 0% Низкий | больше 18 лет назад |
| CVE-2007-5899 The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ... | CVSS2: 4.3 | 2% Низкий | больше 18 лет назад |
Уязвимостей на страницу