PHP — популярный язык сценариев общего назначения, особенно подходящий для веб-разработки.
Релизный цикл, информация об уязвимостях
График релизов
Количество 3 889
CVE-2001-0108
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
CVE-2001-1385
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
CVE-2000-0059
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVE-1999-0068
CGI PHP mylog script allows an attacker to read any file on the target server.
CVE-1999-0238
php.cgi allows attackers to read any file on the system.
CVE-1999-0058
Buffer overflow in PHP cgi program, php.cgi allows shell access.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2001-0108 PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | 0% Низкий | около 25 лет назад | |
| CVE-2001-1385 The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | 1% Низкий | около 25 лет назад | |
 | CVE-2000-0967 PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | CVSS2: 10 | 27% Средний | больше 25 лет назад |
| CVE-2000-0860 The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables. | CVSS2: 5 | 1% Низкий | больше 25 лет назад |
| CVE-2000-0967 PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs. | 27% Средний | больше 25 лет назад | |
| CVE-2000-0059 PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. | CVSS2: 10 | 3% Низкий | около 26 лет назад |
| CVE-1999-0068 CGI PHP mylog script allows an attacker to read any file on the target server. | CVSS2: 7.5 | 3% Низкий | больше 28 лет назад |
| CVE-1999-0238 php.cgi allows attackers to read any file on the system. | CVSS2: 10 | 2% Низкий | больше 28 лет назад |
| CVE-1999-0058 Buffer overflow in PHP cgi program, php.cgi allows shell access. | CVSS2: 7.5 | 1% Низкий | почти 29 лет назад |
Уязвимостей на страницу