PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 768
CVE-2006-6383
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-5706
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVE-2006-5465
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
CVE-2006-4812
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
CVE-2006-5178
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2006-6383 PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | CVSS2: 4.6 | 0% Низкий | больше 18 лет назад |
 | CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. | CVSS2: 7.2 | 0% Низкий | больше 18 лет назад |
| CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ... | CVSS2: 7.2 | 0% Низкий | больше 18 лет назад |
| CVE-2006-5706 Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494. | CVSS2: 7.2 | 0% Низкий | больше 18 лет назад |
| CVE-2006-5465 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | CVSS2: 7.5 | 42% Средний | больше 18 лет назад |
| CVE-2006-5465 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ... | CVSS2: 7.5 | 42% Средний | больше 18 лет назад |
| CVE-2006-5465 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | CVSS2: 7.5 | 42% Средний | больше 18 лет назад |
 | CVE-2006-5465 Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions. | 42% Средний | больше 18 лет назад | |
| CVE-2006-4812 Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c). | CVSS2: 10 | 30% Средний | больше 18 лет назад |
| CVE-2006-5178 Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink. | CVSS2: 6.2 | 0% Низкий | больше 18 лет назад |
Уязвимостей на страницу