threat
engine
.sh
Back
·
··:··
Home
/
Product
/
php
Product
php
500 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-7263
>= 8.4.0 and < 8.4.21
In PHP versions 8.4.
before 8.4.21 and 8.5.
before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing
7.5
HIGH
CVE-2026-6104
>= 8.4.0 and < 8.4.21
In PHP versions 8.4.
before 8.4.21 and 8.5.
before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_
9.1
CRITICAL
CVE-2026-7568
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, the metaphone() function in
7.5
HIGH
CVE-2026-7262
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, when a SOAP server has a ty
7.5
HIGH
CVE-2026-7261
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, when SoapServer is configur
9.8
CRITICAL
CVE-2026-7259
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, a mismatch between encoding
6.5
MEDIUM
CVE-2026-7258
>= 8.2.0 and < 8.2.21
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, some functions, including u
7.5
HIGH
CVE-2026-6735
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, 8.5.
before 8.5.6, due to improper sanitation of u
6.1
MEDIUM
CVE-2026-6722
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, the SOAP extension's object
9.8
CRITICAL
CVE-2025-14179
>= 8.2.0 and < 8.2.31
In PHP versions 8.2.
before 8.2.31, 8.3.
before 8.3.31, 8.4.
before 8.4.21, and 8.5.
before 8.5.6, the PDO Firebird driver imp
9.8
CRITICAL
CVE-2026-24895
< 1.11.2
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Uni
9.8
CRITICAL
CVE-2026-24894
< 1.11.2
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglo
7.5
HIGH
CVE-2025-14180
>= 8.1.0 and < 8.1.34
In PHP versions 8.1.
before 8.1.34, 8.2.
before 8.2.30, 8.3.
before 8.3.29, 8.4.
before 8.4.16, 8.5.* before 8.5.1 when using
7.5
HIGH
CVE-2025-14178
>= 8.1.0 and < 8.1.34
In PHP versions:8.1.
before 8.1.34, 8.2.
before 8.2.30, 8.3.
before 8.3.29, 8.4.
before 8.4.16, 8.5.* before 8.5.1, a heap buf
6.5
MEDIUM
CVE-2025-14177
>= 8.1.0 and < 8.1.34
In PHP versions:8.1.
before 8.1.34, 8.2.
before 8.2.30, 8.3.
before 8.3.29, 8.4.
before 8.4.16, 8.5.* before 8.5.1, the getima
7.5
HIGH
CVE-2025-1735
>= 8.1.0 and < 8.1.33
In PHP versions:8.1.
before 8.1.33, 8.2.
before 8.2.29, 8.3.
before 8.3.23, 8.4.
pgsql and pdo_pgsql escaping functions do not
5.9
MEDIUM
CVE-2025-1220
>= 8.1.0 and < 8.1.33
In PHP versions:8.1.
before 8.1.33, 8.2.
before 8.2.29, 8.3.
before 8.3.23, 8.4.
before 8.4.10 some functions like fsockopen()
3.7
LOW
CVE-2025-6491
>= 8.1.0 and < 8.1.33
In PHP versions:8.1.
before 8.1.33, 8.2.
before 8.2.29, 8.3.
before 8.3.23, 8.4.
before 8.4.10 when parsing XML data in SOAP e
5.9
MEDIUM
CVE-2024-11235
>= 8.3.0 and < 8.3.19
In PHP versions 8.3.
before 8.3.19 and 8.4.
before 8.4.5, a code sequence involving __set handler or ??= operator and excepti
8.1
HIGH
CVE-2025-1861
>= 8.1.0 and < 8.1.31
In PHP from 8.1.
before 8.1.32, from 8.2.
before 8.2.28, from 8.3.
before 8.3.19, from 8.4.
before 8.4.5, when parsing HTTP re
9.8
CRITICAL
CVE-2025-1736
>= 8.1.0 and < 8.1.32
In PHP from 8.1.
before 8.1.32, from 8.2.
before 8.2.28, from 8.3.
before 8.3.19, from 8.4.
before 8.4.5, when user-supplied h
7.3
HIGH
CVE-2025-1734
>= 8.1.0 and < 8.1.32
In PHP from 8.1.
before 8.1.32, from 8.2.
before 8.2.28, from 8.3.
before 8.3.19, from 8.4.
before 8.4.5, when receiving heade
5.3
MEDIUM
CVE-2025-1219
>= 8.1.0 and < 8.1.32
In PHP from 8.1.
before 8.1.32, from 8.2.
before 8.2.28, from 8.3.
before 8.3.19, from 8.4.
before 8.4.5, when requesting a HT
5.3
MEDIUM
CVE-2025-1217
>= 8.1.0 and < 8.1.32
In PHP from 8.1.
before 8.1.32, from 8.2.
before 8.2.28, from 8.3.
before 8.3.19, from 8.4.
before 8.4.5, when http request mo
3.1
LOW
CVE-2022-31631
>= 8.0.0 and < 8.0.27
In PHP versions 8.0.
before 8.0.27, 8.1.
before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-suppli
9.1
CRITICAL
CVE-2024-11233
>= 8.1.0 and < 8.1.31
In PHP versions 8.1.
before 8.1.31, 8.2.
before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode
4.8
MEDIUM
CVE-2024-11236
>= 8.1.0 and < 8.1.31
In PHP versions 8.1.
before 8.1.31, 8.2.
before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() f
9.8
CRITICAL
CVE-2024-11234
>= 8.1.0 and < 8.1.31
In PHP versions 8.1.
before 8.1.31, 8.2.
before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "reque
4.8
MEDIUM
CVE-2024-8929
>= 8.1.0 and < 8.1.31
In PHP versions 8.1.
before 8.1.31, 8.2.
before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disc
5.8
MEDIUM
CVE-2024-8932
>= 8.1.0 and < 8.1.31
In PHP versions 8.1.
before 8.1.31, 8.2.
before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() f
9.8
CRITICAL
CVE-2024-9026
>= 8.1.0 and < 8.1.30
In PHP versions 8.1.
before 8.1.30, 8.2.
before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to ca
3.3
LOW
CVE-2024-8927
>= 8.1.0 and < 8.1.30
In PHP versions 8.1.
before 8.1.30, 8.2.
before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whe
7.5
HIGH
CVE-2024-8926
>= 8.1.0 and < 8.1.30
In PHP versions 8.1.
before 8.1.30, 8.2.
before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations o
8.1
HIGH
CVE-2024-8925
>= 8.1.0 and < 8.1.30
In PHP versions 8.1.
before 8.1.30, 8.2.
before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained
3.1
LOW
CVE-2024-4577
>= 8.1.0 and < 8.1.29
In PHP versions 8.1.
before 8.1.29, 8.2.
before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the sy
9.8
CRITICAL
CVE-2024-2408
>= 8.1.0 and < 8.1.29
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable
5.9
MEDIUM
CVE-2024-5585
>= 8.1.0 and < 8.1.29
In PHP versions 8.1.
before 8.1.29, 8.2.
before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the com
7.7
HIGH
CVE-2024-5458
>= 7.3.27 and <= 7.3.33
In PHP versions 8.1.
before 8.1.29, 8.2.
before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such
5.3
MEDIUM
CVE-2024-3096
>= 8.1.0 and < 8.1.28
In PHP version 8.1.
before 8.1.28, 8.2.
before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts w
6.5
MEDIUM
CVE-2024-2757
>= 8.3.0 and < 8.3.5
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space
7.5
HIGH
CVE-2024-1874
>= 8.1.0 and < 8.1.28
In PHP versions 8.1.
before 8.1.28, 8.2.
before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, du
9.4
CRITICAL
CVE-2024-3566
< 8.1.28
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on t
9.8
CRITICAL
CVE-2022-4900
< 8.0.22
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap bu
6.2
MEDIUM
CVE-2023-3824
>= 8.0.0 and < 8.0.30
In PHP version 8.0.
before 8.0.30, 8.1.
before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR dire
9.4
CRITICAL
CVE-2023-3823
>= 8.0.0 and < 8.0.30
In PHP versions 8.0.
before 8.0.30, 8.1.
before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state
8.6
HIGH
CVE-2023-3247
>= 8.0.0 and < 8.0.29
In PHP versions 8.0.
before 8.0.29, 8.1.
before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random va
2.6
LOW
CVE-2023-0567
>= 8.0.0 and < 8.0.28
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfis
7.7
HIGH
CVE-2023-0662
>= 8.0.0 and < 8.0.28
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause hi
7.5
HIGH
CVE-2023-0568
>= 8.0.0 and < 8.0.28
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too
7.5
HIGH
CVE-2022-31630
>= 7.4.0 and < 7.4.33
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply
6.5
MEDIUM
CVE-2022-37454
>= 7.2.0 and < 7.4.33
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows at
9.8
CRITICAL
CVE-2022-31629
< 7.4.31
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard inse
6.5
MEDIUM
CVE-2022-31628
< 7.4.31
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, res
2.3
LOW
CVE-2022-31627
>= 8.1.0 and < 8.1.8
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third part
7.7
HIGH
CVE-2022-31626
>= 7.4.0 and < 7.4.30
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if th
7.5
HIGH
CVE-2022-31625
>= 7.4.0 and < 7.4.30
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying i
8.1
HIGH
CVE-2022-27158
< 1.32.0
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
9.8
CRITICAL
CVE-2022-27157
< 1.32.0
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
9.8
CRITICAL
CVE-2021-21708
>= 7.4.0 and < 7.4.28
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FL
8.2
HIGH
CVE-2021-21707
>= 7.3.0 and < 7.3.33
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_
5.3
MEDIUM
CVE-2021-21703
>= 7.3.0 and <= 7.3.31
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main F
7.8
HIGH
CVE-2021-21706
>= 7.3.0 and < 7.3.31
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extra
5.3
MEDIUM
CVE-2021-21705
>= 7.3.0 and < 7.3.29
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_v
4.3
MEDIUM
CVE-2021-21704
>= 7.3.0 and < 7.3.29
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a maliciou
5.0
MEDIUM
CVE-2021-32610
< 1.4.14
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2
7.1
HIGH
CVE-2021-21702
>= 7.3.0 and < 7.3.27
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP serve
5.3
MEDIUM
CVE-2020-7071
>= 7.3.0 and < 7.3.26
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_
5.3
MEDIUM
CVE-2020-36193
<= 1.4.11
Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic link
7.5
HIGH
CVE-2020-28949
< 1.4.12
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (s
7.8
HIGH
CVE-2020-28948
< 1.4.11
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
7.8
HIGH
CVE-2020-7070
>= 7.2.0 and < 7.2.34
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values,
4.3
MEDIUM
CVE-2020-7069
>= 7.2.0 and < 7.2.34
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() fu
5.4
MEDIUM
CVE-2020-7068
>= 7.2.0 and < 7.2.33
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, ph
4.8
MEDIUM
CVE-2019-11048
>= 7.2.0 and < 7.2.31
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly
5.3
MEDIUM
CVE-2020-7067
>= 7.2.0 and < 7.2.30
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), u
7.5
HIGH
CVE-2020-7066
>= 7.2.0 and < 7.2.29
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if
5.3
MEDIUM
CVE-2020-7065
>= 7.3.0 and < 7.3.16
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain inv
7.4
HIGH
CVE-2020-7064
>= 7.2.0 and < 7.2.29
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() functio
6.5
MEDIUM
CVE-2020-7063
>= 7.2.0 and <= 7.2.27
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFrom
5.5
MEDIUM
CVE-2020-7062
>= 7.2.0 and <= 7.2.27
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload prog
7.5
HIGH
CVE-2020-7061
>= 7.2.0 and <= 7.2.27
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain con
6.5
MEDIUM
CVE-2014-3622
>= 5.6.0 and < 5.6.1
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remot
9.8
CRITICAL
CVE-2011-3336
>= 5.3.0 and <= 5.3.10
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
7.5
HIGH
CVE-2020-7060
>= 7.2.0 and < 7.2.27
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7
6.5
MEDIUM
CVE-2020-7059
>= 7.2.0 and < 7.2.27
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x be
6.5
MEDIUM
CVE-2015-2326
>= 5.4.0 and < 5.4.41
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of
5.5
MEDIUM
CVE-2015-2325
>= 5.4.0 and < 5.4.41
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of se
7.8
HIGH
CVE-2019-11050
>= 7.2.0 and <= 7.2.26
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below
4.8
MEDIUM
CVE-2019-11049
>= 7.3.0 and <= 7.3.13
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduc
6.5
MEDIUM
CVE-2019-11047
>= 7.2.0 and < 7.2.26
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below
4.8
MEDIUM
CVE-2019-11046
>= 7.2.0 and <= 7.2.26
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Window
3.7
LOW
CVE-2019-11045
>= 7.2.0 and <= 7.2.26
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 b
3.7
LOW
CVE-2019-11044
>= 7.2.0 and <= 7.2.26
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \
3.7
LOW
CVE-2011-1939
< 5.3.6
SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodi
9.8
CRITICAL
CVE-2019-19246
>= 7.3.0 and < 7.3.10
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in reg
7.5
HIGH
CVE-2010-4657
>= 5.0.0 and < 5.4.4
PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. T
7.5
HIGH
CVE-2019-11043
>= 7.1.0 and < 7.1.33
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possibl
8.7
HIGH
CVE-2019-11042
>= 7.1.0 and < 7.1.31
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below
7.1
HIGH
CVE-2019-11041
>= 7.1.0 and < 7.1.31
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below
7.1
HIGH
CVE-2017-7189
>= 7.0.0 and < 7.0.16
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80',
7.5
HIGH
CVE-2019-13224
>= 7.1.0 and < 7.1.32
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure,
9.8
CRITICAL
CVE-2019-11040
>= 7.1.0 and < 7.1.30
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below
9.1
CRITICAL
CVE-2019-11039
>= 7.1.0 and < 7.1.30
Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-
9.1
CRITICAL
CVE-2019-11038
>= 7.1.0 and < 7.1.30
When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PH
5.3
MEDIUM
CVE-2019-11036
>= 7.1.0 and < 7.1.29
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be
9.1
CRITICAL
CVE-2019-11035
>= 7.1.0 and < 7.1.28
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be
9.1
CRITICAL
CVE-2019-11034
>= 7.1.0 and < 7.1.28
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be
9.1
CRITICAL
CVE-2019-9675
>= 7.0.0 and < 7.1.27
An issue was discovered in PHP 7.x before 7.1.27 and 7.3.x before 7.3.3. phar_tar_writeheaders_int in ext/phar/tar.c has a buffer
8.1
HIGH
CVE-2019-9641
< 7.1.27
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an unini
9.8
CRITICAL
CVE-2019-9640
>= 7.1.0 and < 7.1.27
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Inval
7.5
HIGH
CVE-2019-9639
< 7.1.27
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an unini
7.5
HIGH
CVE-2019-9638
< 7.1.27
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an unini
7.5
HIGH
CVE-2019-9637
< 7.1.27
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Due to the way rename() across filesyst
7.5
HIGH
CVE-2019-9025
>= 7.3.0 and < 7.3.1
An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function
9.8
CRITICAL
CVE-2019-9024
< 5.6.40
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. xmlrpc_decode() can
7.5
HIGH
CVE-2019-9023
< 5.6.40
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A number of heap-bas
9.8
CRITICAL
CVE-2019-9022
>= 7.0.0 and < 7.1.26
An issue was discovered in PHP 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.2. dns_get_record misparses a DNS resp
7.5
HIGH
CVE-2019-9021
< 5.6.40
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. A heap-based buffer
9.8
CRITICAL
CVE-2019-9020
< 5.6.40
An issue was discovered in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1. Invalid input to the
9.8
CRITICAL
CVE-2018-20783
< 5.6.39
In PHP before 5.6.39, 7.x before 7.0.33, 7.1.x before 7.1.25, and 7.2.x before 7.2.13, a buffer over-read in PHAR reading function
7.5
HIGH
CVE-2019-6977
< 5.6.40
gdImageColorMatch in gd_color_match.c in the GD Graphics Library (aka LibGD) 2.2.5, as used in the imagecolormatch function in PHP
8.8
HIGH
CVE-2018-19935
>= 5.6.0 and < 5.6.39
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference
7.5
HIGH
CVE-2018-19520
>= 5.0.0 and <= 5.6.38
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attemp
8.8
HIGH
CVE-2018-19518
>= 5.6.0 and <= 5.6.38
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by
7.5
HIGH
CVE-2018-19396
>= 5.0.0 and <= 7.1.24
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an
7.5
HIGH
CVE-2018-19395
>= 5.0.0 and <= 7.1.24
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference an
7.5
HIGH
CVE-2018-17082
< 5.6.38
The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the b
6.1
MEDIUM
CVE-2018-15132
< 5.6.37
An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x bef
7.5
HIGH
CVE-2018-14884
>= 7.0.0 and < 7.0.27
An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP r
7.5
HIGH
CVE-2018-14883
< 5.6.37
An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflo
7.5
HIGH
CVE-2018-14851
<= 5.6.36
exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before
5.5
MEDIUM
CVE-2017-9120
>= 7.0.0 and <= 7.1.5
PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly hav
9.8
CRITICAL
CVE-2017-9118
>= 7.4.0 and < 7.4.27
PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.
7.5
HIGH
CVE-2018-12882
>= 7.2.0 and <= 7.2.7
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_
9.8
CRITICAL
CVE-2018-10549
< 5.6.36
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in
8.8
HIGH
CVE-2018-10548
< 5.6.36
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c al
7.5
HIGH
CVE-2018-10547
< 5.6.36
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before
6.1
MEDIUM
CVE-2018-10546
< 5.6.36
An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop e
7.5
HIGH
CVE-2018-10545
< 5.6.35
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child
4.7
MEDIUM
CVE-2018-7584
<= 5.6.33
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-rea
9.8
CRITICAL
CVE-2015-9253
< 7.1.20
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restart
6.5
MEDIUM
CVE-2016-10712
<= 5.5.31
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlle
7.5
HIGH
CVE-2018-5712
<= 5.6.32
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected
6.1
MEDIUM
CVE-2018-5711
<= 5.6.32
gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.
5.5
MEDIUM
CVE-2017-16642
< 5.6.32
In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'f
7.5
HIGH
CVE-2017-12934
all versions
ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before 7.1.7 is prone to a heap use after free while unseria
7.5
HIGH
CVE-2017-12933
<= 5.6.30
The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.
9.8
CRITICAL
CVE-2017-12932
all versions
ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through 7.1.8 is prone to a heap use after free while unser
9.8
CRITICAL
CVE-2017-7890
<= 5.6.30
The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6
6.5
MEDIUM
CVE-2017-11628
<= 5.6.30
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in
7.8
HIGH
CVE-2017-11362
all versions
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which a
9.8
CRITICAL
CVE-2017-11147
< 5.6.30
In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files
9.1
CRITICAL
CVE-2017-11145
<= 5.6.30
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code co
7.5
HIGH
CVE-2017-11144
<= 5.6.30
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return v
7.5
HIGH
CVE-2017-11143
<= 5.6.30
In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject
7.5
HIGH
CVE-2017-11142
<= 5.6.30
In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service
7.5
HIGH
CVE-2016-10397
<= 5.6.27
In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attack
7.5
HIGH
CVE-2016-4473
all versions
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an
9.8
CRITICAL
CVE-2017-9229
>= 5.6.0 and < 5.6.31
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SI
7.5
HIGH
CVE-2017-9228
>= 5.6.0 and < 5.6.31
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A he
9.8
CRITICAL
CVE-2017-9227
>= 5.6.0 and < 5.6.31
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A st
9.8
CRITICAL
CVE-2017-9226
< 5.6.31
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A he
9.8
CRITICAL
CVE-2017-9225
<= 7.1.5
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A st
9.8
CRITICAL
CVE-2017-9224
< 5.6.31
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A st
9.8
CRITICAL
CVE-2017-9119
all versions
The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 allows attackers to cause a denial of service (memory consumpti
9.8
CRITICAL
CVE-2017-9067
all versions
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web ser
7.0
HIGH
CVE-2017-8923
< 7.4.24
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result
9.8
CRITICAL
CVE-2016-5399
<= 5.5.37
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to ca
7.8
HIGH
CVE-2017-7963
<= 7.1.4
The GNU Multiple Precision Arithmetic Library (GMP) interfaces for PHP through 7.1.4 allow attackers to cause a denial of service
7.5
HIGH
CVE-2017-6441
all versions
The _zval_get_long_func_ex in Zend/zend_operators.c in PHP 7.1.2 allows attackers to cause a denial of service (NULL pointer deref
7.5
HIGH
CVE-2017-7272
<= 7.1.3
PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expecta
7.4
HIGH
CVE-2015-8994
>= 5.0.0 and <= 5.6.29
An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. Wi
7.5
HIGH
CVE-2017-5630
all versions
PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a
7.5
HIGH
CVE-2016-10162
all versions
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to
7.5
HIGH
CVE-2016-10161
<= 5.6.29
The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 a
7.5
HIGH
CVE-2016-10160
>= 5.6.0 and < 5.6.30
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote
9.8
CRITICAL
CVE-2016-10159
<= 5.6.29
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote
7.5
HIGH
CVE-2016-10158
<= 5.6.29
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows r
7.5
HIGH
CVE-2016-7479
all versions
In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead
9.8
CRITICAL
CVE-2016-7480
>= 7.0.0 and < 7.0.11
The SplObjectStorage unserialize implementation in ext/spl/spl_observer.c in PHP before 7.0.12 does not verify that a key is an ob
9.8
CRITICAL
CVE-2017-5340
>= 7.0.0 and < 7.0.15
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which
9.8
CRITICAL
CVE-2016-7478
all versions
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of serv
7.5
HIGH
CVE-2016-9936
all versions
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service
9.8
CRITICAL
CVE-2016-9935
<= 5.6.28
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause
9.8
CRITICAL
CVE-2016-9934
<= 5.6.27
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dere
7.5
HIGH
CVE-2016-9138
<= 5.6.27
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attacke
9.8
CRITICAL
CVE-2016-9137
<= 5.6.26
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 all
9.8
CRITICAL
CVE-2014-9912
<= 5.3.28
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x b
9.8
CRITICAL
CVE-2016-7568
>= 5.6.0 and <= 5.6.26
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP
9.8
CRITICAL
CVE-2016-7418
<= 5.6.25
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause
7.5
HIGH
CVE-2016-7417
<= 5.6.25
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return
9.8
CRITICAL
CVE-2016-7416
<= 5.6.25
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length prov
7.5
HIGH
CVE-2016-7414
<= 5.6.25
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize f
9.8
CRITICAL
CVE-2016-7413
<= 5.6.25
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allo
9.8
CRITICAL
CVE-2016-7412
<= 5.6.25
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FL
8.1
HIGH
CVE-2016-7411
<= 5.6.25
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to
9.8
CRITICAL
CVE-2016-7134
all versions
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to ca
9.8
CRITICAL
CVE-2016-7133
all versions
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote
8.1
HIGH
CVE-2016-7132
<= 5.6.24
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dere
7.5
HIGH
CVE-2016-7131
<= 5.6.24
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dere
7.5
HIGH
CVE-2016-7130
<= 5.6.24
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a
7.5
HIGH
CVE-2016-7129
<= 5.6.24
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause
9.8
CRITICAL
CVE-2016-7128
<= 5.6.24
The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumb
5.3
MEDIUM
CVE-2016-7127
<= 5.6.24
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values,
9.8
CRITICAL
CVE-2016-7126
<= 5.6.24
The imagetruecolortopalette function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate the numb
9.8
CRITICAL
CVE-2016-7125
<= 5.6.24
ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect pars
7.5
HIGH
CVE-2016-7124
<= 5.6.24
ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote
9.8
CRITICAL
CVE-2016-6207
>= 5.5.0 and < 5.5.38
Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allow
6.5
MEDIUM
CVE-2016-5773
<= 5.5.36
php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 improperly interacts with the unser
9.8
CRITICAL
CVE-2016-5772
< 5.5.37
Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in PHP before 5.5.37, 5.6.x before
9.8
CRITICAL
CVE-2016-5771
< 5.5.37
spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts with the unserialize implementa
9.8
CRITICAL
CVE-2016-5770
< 5.5.37
Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP before 5.5.37 and 5.6.x befor
9.8
CRITICAL
CVE-2016-5769
<= 5.5.36
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 all
9.8
CRITICAL
CVE-2016-5768
<= 5.5.36
Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mbstring extension in PHP before
9.8
CRITICAL
CVE-2016-5114
<= 5.5.30
sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets the semantics of the snprintf
9.1
CRITICAL
CVE-2016-5096
<= 5.5.35
Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remote attackers
8.6
HIGH
CVE-2016-5095
<= 5.5.35
Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 a
8.6
HIGH
CVE-2016-5094
<= 5.5.36
Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5.6.x before 5.6.22 allows remo
8.6
HIGH
CVE-2016-5093
<= 5.5.35
The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x before 5.6.22, and 7.x before
8.6
HIGH
CVE-2016-3132
all versions
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows re
9.8
CRITICAL
CVE-2016-3078
>= 7.0.0 and < 7.0.6
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of servi
9.8
CRITICAL
CVE-2015-8935
<= 5.4.37
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated l
6.1
MEDIUM
CVE-2016-6297
<= 5.5.37
Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x
8.8
HIGH
CVE-2016-6296
<= 5.5.37
Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5
9.8
CRITICAL
CVE-2016-6295
<= 5.5.37
ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implemen
9.8
CRITICAL
CVE-2016-6294
<= 5.5.37
The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before
9.8
CRITICAL
CVE-2016-6292
<= 5.5.37
The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows r
6.5
MEDIUM
CVE-2016-6291
<= 5.5.37
The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allo
9.8
CRITICAL
CVE-2016-6290
<= 5.5.37
ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash da
9.8
CRITICAL
CVE-2016-6289
<= 5.5.37
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x bef
7.8
HIGH
CVE-2016-6288
<= 5.5.37
The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buf
9.8
CRITICAL
CVE-2016-5385
>= 5.5.0 and < 5.5.38
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applicati
8.1
HIGH
CVE-2016-6174
<= 5.4.23
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB,
8.1
HIGH
CVE-2016-4544
>= 5.5.0 and < 5.5.35
The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not
9.8
CRITICAL
CVE-2016-4543
<= 5.5.34
The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not
9.8
CRITICAL
CVE-2016-4542
<= 5.5.34
The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not prop
9.8
CRITICAL
CVE-2016-4541
<= 5.5.34
The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.
9.8
CRITICAL
CVE-2016-4540
<= 5.5.34
The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0
9.8
CRITICAL
CVE-2016-4539
<= 5.5.34
The xml_parse_into_struct function in ext/xml/xml.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote
9.8
CRITICAL
CVE-2016-4538
<= 5.5.33
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data
9.8
CRITICAL
CVE-2016-4537
<= 5.5.34
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 accepts a negative in
9.8
CRITICAL
CVE-2016-4346
>= 7.0.0 and < 7.0.4
Integer overflow in the str_pad function in ext/standard/string.c in PHP before 7.0.4 allows remote attackers to cause a denial of
9.8
CRITICAL
CVE-2016-4345
>= 7.0.0 and < 7.0.4
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attack
9.8
CRITICAL
CVE-2016-4344
>= 7.0.0 and < 7.0.4
Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in PHP before 7.0.4 allows remote attackers to cause a denial of
9.8
CRITICAL
CVE-2016-4343
< 5.5.36
The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongL
8.8
HIGH
CVE-2016-4342
<= 5.5.31
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, w
8.8
HIGH
CVE-2015-8880
all versions
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by t
9.8
CRITICAL
CVE-2015-8879
< 5.5.38
The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which
7.5
HIGH
CVE-2015-8878
>= 5.5.0 and < 5.5.28
main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before 5.6.12 does not ensure thread safety, which allows remote att
5.9
MEDIUM
CVE-2015-8877
<= 5.6.11
The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before
7.5
HIGH
CVE-2015-8876
>= 5.4.0 and < 5.4.44
Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception obje
9.8
CRITICAL
CVE-2015-8867
>= 5.4.0 and < 5.4.44
The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.
7.5
HIGH
CVE-2015-8866
>= 5.5.0 and < 5.5.22
ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_di
9.6
CRITICAL
CVE-2014-9767
<= 5.4.45
Directory traversal vulnerability in the ZipArchive::extractTo function in ext/zip/php_zip.c in PHP before 5.4.45, 5.5.x before 5.
4.3
MEDIUM
CVE-2016-4073
all versions
Multiple integer overflows in the mbfl_strcut function in ext/mbstring/libmbfl/mbfl/mbfilter.c in PHP before 5.5.34, 5.6.x before
9.8
CRITICAL
CVE-2016-4072
all versions
The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary co
9.8
CRITICAL
CVE-2016-4071
all versions
Format string vulnerability in the php_snmp_error function in ext/snmp/snmp.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x b
9.8
CRITICAL
CVE-2016-4070
<= 5.5.33
Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x befor
7.5
HIGH
CVE-2015-8865
<= 5.5.33
The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5
7.3
HIGH
CVE-2016-3185
<= 5.4.43
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x
7.1
HIGH
CVE-2016-2554
<= 5.5.31
Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 allows remote attack
9.8
CRITICAL
CVE-2015-8874
<= 5.6.11
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imag
7.5
HIGH
CVE-2015-8873
< 5.4.44
Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow
7.5
HIGH
CVE-2015-8838
<= 5.4.42
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL
5.9
MEDIUM
CVE-2015-8835
<= 5.4.43
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does
9.8
CRITICAL
CVE-2015-6838
<= 5.4.44
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, w
7.5
HIGH
CVE-2015-6837
<= 5.4.44
The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, w
7.5
HIGH
CVE-2015-6835
<= 5.4.44
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserializ
9.8
CRITICAL
CVE-2015-6834
<= 5.4.44
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers
9.8
CRITICAL
CVE-2015-5589
<= 5.4.42
The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 do
9.8
CRITICAL
CVE-2015-4644
<= 5.4.41
The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and
7.5
HIGH
CVE-2015-4643
< 5.4.42
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 a
9.8
CRITICAL
CVE-2015-4642
<= 5.4.41
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows a
9.8
CRITICAL
CVE-2015-4605
<= 5.4.39
The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.
7.5
HIGH
CVE-2015-4604
<= 5.4.39
The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6
7.5
HIGH
CVE-2015-4603
<= 5.4.39
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6
9.8
CRITICAL
CVE-2015-4602
<= 5.4.39
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before
9.8
CRITICAL
CVE-2015-4601
<= 5.6.6
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code
9.8
CRITICAL
CVE-2015-4600
<= 5.4.39
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a
9.8
CRITICAL
CVE-2015-4599
<= 5.4.39
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remot
9.8
CRITICAL
CVE-2015-4598
<= 5.4.41
PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might all
6.5
MEDIUM
CVE-2015-4116
<= 5.5.26
Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.1
9.8
CRITICAL
CVE-2015-3412
<= 5.4.39
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allo
5.3
MEDIUM
CVE-2015-3411
<= 5.4.39
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allo
6.5
MEDIUM
CVE-2015-3152
>= 5.4.0 and < 5.4.43
Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl opt
5.9
MEDIUM
CVE-2014-0236
<= 5.5.35
file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NUL
7.5
HIGH
CVE-2016-3074
>= 5.5.0 and < 5.5.35
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (
9.8
CRITICAL
CVE-2016-3142
<= 5.5.32
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attacker
8.2
HIGH
CVE-2016-3141
<= 5.5.32
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers
9.8
CRITICAL
CVE-2016-1904
all versions
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or p
7.3
HIGH
CVE-2016-1903
<= 5.5.30
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x befor
9.1
CRITICAL
CVE-2015-8617
all versions
Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote a
9.8
CRITICAL
CVE-2015-8616
all versions
Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0
8.6
HIGH
CVE-2015-6836
<= 5.4.44
The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not proper
7.3
HIGH
CVE-2015-6833
<= 5.4.43
Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows
7.5
HIGH
CVE-2015-6832
<= 5.4.43
Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.2
7.3
HIGH
CVE-2015-6831
< 5.4.44
Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote att
7.3
HIGH
CVE-2015-6527
all versions
The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitr
7.3
HIGH
CVE-2015-5590
<= 5.4.42
Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.
7.3
HIGH
CVE-2016-1283
>= 5.6.0 and < 5.6.32
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\
9.8
CRITICAL
CVE-2015-7804
<= 5.5.29
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote a
CVE-2015-7803
<= 5.5.29
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause
CVE-2015-8394
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of serv
9.8
CRITICAL
CVE-2015-8393
>= 5.5.0 and < 5.5.32
pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive inf
7.5
HIGH
CVE-2015-8391
>= 5.5.0 and < 5.5.32
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to ca
9.8
CRITICAL
CVE-2015-8390
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of serv
9.8
CRITICAL
CVE-2015-8389
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of s
9.8
CRITICAL
CVE-2015-8387
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial
7.3
HIGH
CVE-2015-8386
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attac
9.8
CRITICAL
CVE-2015-8383
>= 5.5.0 and < 5.5.32
PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffe
9.8
CRITICAL
CVE-2015-4148
<= 5.4.38
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify tha
CVE-2015-4147
<= 5.4.38
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify
CVE-2015-4026
<= 5.4.40
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encounte
CVE-2015-4025
<= 5.4.40
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain
CVE-2015-4024
<= 5.4.40
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before
CVE-2015-4022
<= 5.4.40
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 al
CVE-2015-4021
<= 5.4.40
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verif
CVE-2015-3330
<= 5.4.39
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8,
CVE-2015-3329
<= 5.4.39
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24,
CVE-2015-3307
<= 5.4.39
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remot
CVE-2015-2783
<= 5.4.39
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive info
CVE-2015-3416
>= 5.4.0 and < 5.4.42
The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floatin
CVE-2015-3415
>= 5.4.0 and < 5.4.42
The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows conte
CVE-2015-3414
>= 5.4.0 and < 5.4.42
SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attacker
CVE-2015-2787
<= 5.4.38
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x b
CVE-2015-2348
<= 5.4.38
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x befor
CVE-2015-2331
<= 5.4.38
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP b
CVE-2015-2305
>= 5.4.0 and < 5.4.39
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platfo
CVE-2015-2301
>= 5.4.0 and < 5.4.40
Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allo
CVE-2015-1352
< 5.4.40
The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extra
CVE-2015-1351
< 5.5.24
Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.
CVE-2015-0273
<= 5.4.37
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 a
CVE-2014-9709
>= 5.4.0 and < 5.4.40
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote a
CVE-2014-9705
<= 5.4.37
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before
CVE-2014-9653
<= 5.4.36
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5
CVE-2014-9652
<= 5.4.36
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5
CVE-2013-6501
<= 5.6.7
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /
CVE-2015-0235
>= 5.4.0 and < 5.4.38
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows con
CVE-2015-0232
<= 5.4.36
The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remo
CVE-2015-0231
<= 5.4.36
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x b
CVE-2014-9427
all versions
sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used t
CVE-2014-9426
<= 5.6.4
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free op
7.3
HIGH
CVE-2014-9425
<= 5.5.20
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20
CVE-2014-8142
<= 5.4.35
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x b
CVE-2014-8626
<= 5.2.6
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote a
CVE-2014-3710
>= 5.4.0 and < 5.4.35
The donote function in readelf.c in file through 5.20, as used in the Fileinfo component in PHP 5.4.34, does not ensure that suffi
CVE-2014-3670
<= 5.4.33
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2
CVE-2014-3669
<= 5.4.33
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5
CVE-2014-3668
<= 5.4.33
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in
CVE-2014-5459
<= 5.6.0
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack o
CVE-2014-5120
all versions
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences,
CVE-2014-3597
<= 5.4.31
Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 and 5.5.x before 5.5.16 allow rem
CVE-2014-3587
<= 5.4.31
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP be
CVE-2014-4698
>= 5.4.0 and < 5.4.32
Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers
CVE-2014-4670
<= 5.5.14
Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers
CVE-2014-3515
< 5.3.29
The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 incorrectly anticipates that certain data structures will have the
CVE-2014-3487
< 5.3.29
The cdf_read_property_info function in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5
CVE-2014-3480
< 5.3.29
The cdf_count_chain function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before
6.5
MEDIUM
CVE-2014-3479
< 5.3.29
The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.
CVE-2014-3478
<= 5.4.29
Buffer overflow in the mconvert function in softmagic.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.3
6.5
MEDIUM
CVE-2014-0207
< 5.3.29
The cdf_read_short_sector function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x
6.5
MEDIUM
CVE-2014-4721
>= 5.3.0 and < 5.3.29
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string d
CVE-2014-3538
>= 5.4.0 and < 5.4.32
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause
CVE-2014-4049
>= 5.3.0 and < 5.3.29
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers t
CVE-2014-3981
< 5.3.29
acinclude.m4, as used in the configure script in PHP 5.5.13 and earlier, allows local users to overwrite arbitrary files via a sym
CVE-2014-0238
< 5.3.29
The cdf_read_property_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote
CVE-2014-0237
< 5.3.29
The cdf_unpack_summary_info function in cdf.c in the Fileinfo component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote
CVE-2014-0185
>= 5.3.0 and < 5.3.28
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions fo
CVE-2013-7345
>= 5.4.0 and < 5.4.27
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with
CVE-2014-2497
< 5.4.32
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denia
CVE-2014-2270
< 5.4.26
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory
CVE-2014-1943
>= 5.4.0 and < 5.4.26
Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, a
CVE-2014-2020
<= 5.5.8
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive informatio
CVE-2013-7328
all versions
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to
CVE-2013-7327
<= 5.5.8
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to c
CVE-2013-7226
all versions
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of
CVE-2012-1171
all versions
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrar
CVE-2013-6420
<= 5.3.27
The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does n
CVE-2013-6712
< 5.3.29
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval o
CVE-2013-1824
< 5.3.22
The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file
CVE-2013-4248
<= 5.4.17
The openssl_x509_parse function in openssl.c in the OpenSSL module in PHP before 5.4.18 and 5.5.x before 5.5.2 does not properly h
CVE-2011-4718
<= 5.5.1
Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by spe
CVE-2013-4113
>= 5.3.0 and < 5.3.27
ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing depth, which allows remote attackers to cause a denial of se
CVE-2013-4636
all versions
The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a
CVE-2013-4635
<= 5.3.25
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 al
CVE-2013-2110
<= 5.3.25
Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x befor
CVE-2013-3735
<= 5.4.15
The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 before RC2, does not properly determine whether a parser error occurred, which
7.5
HIGH
CVE-2013-1643
<= 5.3.21
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file
CVE-2013-1635
<= 5.3.21
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir di
CVE-2012-6113
all versions
The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which al
CVE-2012-5381
all versions
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory
CVE-2012-4388
>= 5.3.0 and < 5.3.11
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %
CVE-2011-1398
<= 5.3.10
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka ca
CVE-2012-3450
<= 5.3.13
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the quer
CVE-2012-3365
<= 5.3.14
The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecif
CVE-2012-2688
<= 5.3.14
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5
CVE-2012-2386
<= 5.3.13
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 all
CVE-2012-2143
< 5.3.14
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, doe
CVE-2012-1172
<= 5.3.10
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) character
CVE-2012-2376
<= 5.4.3
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrar
CVE-2012-2336
<= 5.3.12
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly
CVE-2012-2335
all versions
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism i
CVE-2012-2329
all versions
Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to
CVE-2012-2311
<= 5.3.12
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly
CVE-2012-1823
< 5.3.12
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly
9.8
CRITICAL
CVE-2012-0789
<= 5.3.8
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consump
CVE-2012-0788
<= 5.3.8
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers t
CVE-2012-0831
<= 5.3.10
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environme
CVE-2012-0830
all versions
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a requ
CVE-2012-0057
<= 5.3.8
PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSL
CVE-2012-0781
all versions
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and ap
CVE-2011-4153
all versions
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denia
CVE-2011-4885
<= 5.3.8
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably,
CVE-2011-4566
>= 5.3.0 and < 5.3.9
Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows
CVE-2011-3379
all versions
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to
CVE-2011-3268
<= 5.3.6
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a l
CVE-2011-3267
<= 5.3.6
PHP before 5.3.7 does not properly implement the error_log function, which allows context-dependent attackers to cause a denial of
CVE-2011-3189
all versions
The crypt function in PHP 5.3.7, when the MD5 hash type is used, returns the value of the salt argument instead of the hashed stri
CVE-2011-3182
<= 5.3.6
PHP before 5.3.7 does not properly check the return values of the malloc, calloc, and realloc library functions, which allows cont
CVE-2011-2483
< 5.3.7
crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain platforms, PostgreSQL before 8.4.9, and other products, does not
CVE-2011-1657
all versions
The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent att
CVE-2011-2202
<= 5.3.6
The rfc1867_post_handler function in main/rfc1867.c in PHP before 5.3.7 does not properly restrict filenames in multipart/form-dat
CVE-2011-1938
all versions
Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context
CVE-2011-0441
all versions
The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows local users to delete arbitrary files via a symlink attack on
CVE-2011-1471
< 5.2.11
Integer signedness error in zip_stream.c in the Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a de
CVE-2011-1470
<= 5.3.5
The Zip extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via a zi
CVE-2011-1469
<= 5.3.5
Unspecified vulnerability in the Streams component in PHP before 5.3.6 allows context-dependent attackers to cause a denial of ser
CVE-2011-1468
<= 5.3.5
Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 might allow remote attackers to cause a denial of service (memo
CVE-2011-1467
<= 5.3.5
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5
CVE-2011-1466
<= 5.3.5
Integer overflow in the SdnToJulian function in the Calendar extension in PHP before 5.3.6 allows context-dependent attackers to c
CVE-2011-1464
<= 5.3.5
Buffer overflow in the strval function in PHP before 5.3.6, when the precision configuration option has a large value, might allow
CVE-2011-0708
<= 5.3.5
exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms performs an incorrect cast, which allows remote attackers to
CVE-2011-0421
<= 5.3.5
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE:
CVE-2011-1148
<= 5.3.6
Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a
CVE-2011-1153
<= 5.3.5
Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent att
CVE-2011-1092
<= 5.3.5
Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (crash)
CVE-2011-1144
<= 1.9.2
The installer in PEAR 1.9.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the package.xml fi
CVE-2011-1072
<= 1.9.1
The installer in PEAR before 1.9.2 allows local users to overwrite arbitrary files via a symlink attack on the package.xml file, r
CVE-2011-0420
all versions
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attacker
CVE-2011-0755
<= 5.3.3
Integer overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the r
CVE-2011-0754
<= 5.3.3
The SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly det
CVE-2011-0753
<= 5.3.3
Race condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependen
CVE-2011-0752
<= 5.2.14
The extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superg
CVE-2010-4700
all versions
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with u
CVE-2010-4699
<= 5.3.3
The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unre
CVE-2010-4698
all versions
Stack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to
CVE-2010-4697
<= 5.2.14
Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attacker
CVE-2006-7243
<= 5.3.3
PHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access r
CVE-2010-4645
all versions
strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 and 5.3 before 5.3.5, and other products, allows context-de
CVE-2010-4150
all versions
Double free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.
CVE-2010-4409
<= 5.3.3
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-depend
CVE-2009-5016
<= 5.2.10
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to byp
CVE-2010-3870
< 5.2.14
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences
CVE-2010-3709
>= 5.2.0 and < 5.2.15
The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3 allows context-dependent attackers
CVE-2010-3436
>= 5.2.0 and < 5.2.15
fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote attackers to bypass open_basedir restrictions via vectors related t
CVE-2010-3710
all versions
Stack consumption vulnerability in the filter_var function in PHP 5.2.x through 5.2.14 and 5.3.x through 5.3.3, when FILTER_VALIDA
CVE-2010-2950
all versions
Format string vulnerability in stream.c in the phar extension in PHP 5.3.x through 5.3.3 allows context-dependent attackers to obt
CVE-2010-2531
>= 5.2.0 and < 5.2.14
The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal err
CVE-2010-2484
all versions
The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent attackers to obtain sensitive information (memory contents)
CVE-2010-3065
all versions
The default session serializer in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 does not properly handle the PS_UNDEF_MARKER marker
CVE-2010-3064
all versions
Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows contex
CVE-2010-3063
all versions
The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buff
CVE-2010-3062
all versions
mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via
CVE-2010-2225
all versions
Use-after-free vulnerability in the SplObjectStorage unserializer in PHP 5.2.x and 5.3.x through 5.3.2 allows remote attackers to
CVE-2010-2191
all versions
The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN
CVE-2010-2190
all versions
The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context
CVE-2010-2101
all versions
The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) str_word_count, and (6) str_pad functions in PHP 5.2 through 5.2.
CVE-2010-2100
all versions
The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) http_build_query, (5) strpbrk, and (6) strtr functions in PHP 5.2
CVE-2010-2097
all versions
The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 a
CVE-2010-2094
all versions
Multiple format string vulnerabilities in the phar extension in PHP 5.3 before 5.3.2 allow context-dependent attackers to obtain s
CVE-2010-2093
all versions
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-de
CVE-2010-1917
all versions
Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to cause a deni
CVE-2010-1915
all versions
The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive inf
CVE-2010-1914
all versions
The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive information
CVE-2010-1868
all versions
The (1) sqlite_single_query and (2) sqlite_array_query functions in ext/sqlite/sqlite.c in PHP 5.2 through 5.2.13 and 5.3 through
CVE-2010-1866
>= 5.3.0 and <= 5.3.2
The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP chunked encoding stream, allows context-dependent attackers to
9.8
CRITICAL
CVE-2010-1864
all versions
The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive in
CVE-2010-1862
all versions
The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensitive in
CVE-2010-1861
all versions
The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to write to arbitrary me
CVE-2010-1860
all versions
The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows context-dependent attackers to obtain sensi
CVE-2010-1130
<= 5.2.12
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the ar
CVE-2010-1129
all versions
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) char
CVE-2010-1128
<= 5.2.12
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for cont
CVE-2010-0397
all versions
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode
CVE-2009-4418
<= 5.3.0
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consum
CVE-2009-4143
<= 5.2.11
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt
CVE-2009-4142
<= 5.2.11
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS se
CVE-2009-2626
<= 5.2.10
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers
CVE-2009-4018
<= 5.2.10
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_
CVE-2009-4017
< 5.2.12
PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number of temporary files created when handling a multipart/form-da
CVE-2009-3559
all versions
main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows contex
CVE-2009-3558
<= 5.2.10
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to b
CVE-2009-3557
<= 5.2.11
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypa
CVE-2009-3546
all versions
The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before 5.3.1, and the GD Graphics Library 2.x, does not properly veri
CVE-2009-3294
>= 5.2.0 and < 5.2.11
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating
CVE-2009-3293
<= 5.2.10
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related
CVE-2009-3292
<= 5.2.10
Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing
CVE-2009-3291
<= 5.2.10
The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which ha
CVE-2008-7068
all versions
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) vi
CVE-2008-7002
all versions
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin