PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 863
CVE-2007-4784
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.
CVE-2007-4596
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
CVE-2007-4596
The perl extension in PHP does not follow safe_mode restrictions, whic ...
CVE-2007-4596
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
CVE-2007-4660
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
CVE-2007-4658
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
CVE-2007-4659
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
CVE-2007-4670
Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
CVE-2007-3998
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.
CVE-2007-3996
Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2007-4784 The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution. | 1% Низкий | почти 18 лет назад | |
 | CVE-2007-4596 The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | CVSS2: 7.5 | 7% Низкий | почти 18 лет назад |
| CVE-2007-4596 The perl extension in PHP does not follow safe_mode restrictions, whic ... | CVSS2: 7.5 | 7% Низкий | почти 18 лет назад |
 | CVE-2007-4596 The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments. | CVSS2: 7.5 | 7% Низкий | почти 18 лет назад |
| CVE-2007-4660 Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. | 2% Низкий | около 18 лет назад | |
| CVE-2007-4658 The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability. | 2% Низкий | около 18 лет назад | |
| CVE-2007-4659 The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors. | 2% Низкий | около 18 лет назад | |
| CVE-2007-4670 Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285. | 2% Низкий | около 18 лет назад | |
| CVE-2007-3998 The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set. | 5% Низкий | около 18 лет назад | |
| CVE-2007-3996 Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function. | 6% Низкий | около 18 лет назад |
Уязвимостей на страницу