PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 768

CVE-2007-0911

больше 18 лет назад

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...

CVSS2: 7.8

EPSS: Средний

CVE-2007-0909

больше 18 лет назад

Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-0905

больше 18 лет назад

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-0910

больше 18 лет назад

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...

CVSS2: 10

EPSS: Низкий

CVE-2007-0908

больше 18 лет назад

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...

CVSS2: 5

EPSS: Средний

CVE-2007-0906

больше 18 лет назад

Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...

CVSS2: 7.5

EPSS: Низкий

CVE-2007-0911

больше 18 лет назад

Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).

CVSS2: 7.8

EPSS: Средний

CVE-2007-0908

больше 18 лет назад

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.

CVSS2: 5

EPSS: Средний

CVE-2007-0910

больше 18 лет назад

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.

CVSS2: 10

EPSS: Низкий

CVE-2007-0905

больше 18 лет назад

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.

CVSS2: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2007-0911 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...	CVSS2: 7.8	11% Средний	больше 18 лет назад
CVE-2007-0909 Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...	CVSS2: 7.5	3% Низкий	больше 18 лет назад
CVE-2007-0905 PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...	CVSS2: 7.5	1% Низкий	больше 18 лет назад
CVE-2007-0910 Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clo ...	CVSS2: 10	6% Низкий	больше 18 лет назад
CVE-2007-0908 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...	CVSS2: 5	15% Средний	больше 18 лет назад
CVE-2007-0906 Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...	CVSS2: 7.5	1% Низкий	больше 18 лет назад
CVE-2007-0911 Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).	CVSS2: 7.8	11% Средний	больше 18 лет назад
CVE-2007-0908 The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.	CVSS2: 5	15% Средний	больше 18 лет назад
CVE-2007-0910 Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.	CVSS2: 10	6% Низкий	больше 18 лет назад
CVE-2007-0905 PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.	CVSS2: 7.5	1% Низкий	больше 18 лет назад

Уязвимостей на страницу