PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.

Релизный цикл, информация об уязвимостях

Продукт: PHP

Вендор: php

График релизов

Недавние уязвимости PHP

Количество 3 889

CVE-2004-1392

около 21 года назад

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

CVSS2: 5

EPSS: Низкий

CVE-2004-1392

около 21 года назад

PHP 4.0 with cURL functions allows remote attackers to bypass the open ...

CVSS2: 5

EPSS: Низкий

CVE-2004-1392

около 21 года назад

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

CVSS2: 5

EPSS: Низкий

CVE-2004-1392

больше 21 года назад

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

EPSS: Низкий

CVE-2004-1065

больше 21 года назад

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

EPSS: Низкий

CVE-2004-1018

больше 21 года назад

Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.

EPSS: Средний

CVE-2004-1019

больше 21 года назад

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

EPSS: Низкий

CVE-2004-0959

больше 21 года назад

rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.

CVSS2: 2.1

EPSS: Низкий

CVE-2004-0958

больше 21 года назад

php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.

CVSS2: 5

EPSS: Низкий

CVE-2004-0959

больше 21 года назад

rfc1867.c in PHP before 5.0.2 allows local users to upload files to ar ...

CVSS2: 2.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано 1
CVE-2004-1392 PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.	CVSS2: 5	8% Низкий	около 21 года назад
CVE-2004-1392 PHP 4.0 with cURL functions allows remote attackers to bypass the open ...	CVSS2: 5	8% Низкий	около 21 года назад
CVE-2004-1392 PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.	CVSS2: 5	8% Низкий	около 21 года назад
CVE-2004-1392 PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.		8% Низкий	больше 21 года назад
CVE-2004-1065 Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.		7% Низкий	больше 21 года назад
CVE-2004-1018 Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.		24% Средний	больше 21 года назад
CVE-2004-1019 The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.		7% Низкий	больше 21 года назад
CVE-2004-0959 rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.	CVSS2: 2.1	5% Низкий	больше 21 года назад
CVE-2004-0958 php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.	CVSS2: 5	8% Низкий	больше 21 года назад
CVE-2004-0959 rfc1867.c in PHP before 5.0.2 allows local users to upload files to ar ...	CVSS2: 2.1	5% Низкий	больше 21 года назад

Уязвимостей на страницу