PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 843

CVE-2007-4657

почти 18 лет назад

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4660

почти 18 лет назад

Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4658

почти 18 лет назад

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4658

почти 18 лет назад

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4657

почти 18 лет назад

Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4659

почти 18 лет назад

The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4663

почти 18 лет назад

Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4661

почти 18 лет назад

The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4662

почти 18 лет назад

Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-4660

почти 18 лет назад

Unspecified vulnerability in the chunk_split function in PHP before 5. ...

CVSS2: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-4657 Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4. ...	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4657 Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2 ...	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properl ...	CVSS2: 7.5	2% Низкий	почти 18 лет назад
CVE-2007-4663 Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...	CVSS2: 7.5	1% Низкий	почти 18 лет назад
CVE-2007-4661 The chunk_split function in string.c in PHP 5.2.3 does not properly ca ...	CVSS2: 7.5	3% Низкий	почти 18 лет назад
CVE-2007-4662 Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2 ...	CVSS2: 7.5	3% Низкий	почти 18 лет назад
CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5. ...	CVSS2: 7.5	2% Низкий	почти 18 лет назад

Уязвимостей на страницу