Latest php php Vulnerabilities

CVE-2024-1874
Command injection via array-ish $command parameter of proc_open()
PHP PHP<8.1.28
CVE-2024-3096
PHP function password_verify can erroneously return true when argument contains NUL
PHP PHP<8.1.28
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.17+
ubuntu/php7.4<7.4.3-4ubuntu2.22
ubuntu/php8.1<8.1.2-1ubuntu2.17
ubuntu/php8.1<8.1.28
and 7 more
CVE-2024-2757
PHP mb_encode_mimeheader runs endlessly for some inputs
PHP PHP<8.3.6
CVE-2024-2756
__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
PHP PHP<8.1.28
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.17+
ubuntu/php7.4<7.4.3-4ubuntu2.22
ubuntu/php8.1<8.1.2-1ubuntu2.17
ubuntu/php8.1<8.1.28
and 7 more
CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are ...
PHP PHP>=8.0.0<8.0.30
PHP PHP>=8.1.0<8.1.22
PHP PHP>=8.2.0<8.2.8
PHP PHP<8.0.30
PHP PHP>=8.2.0<8.2.9
Fedoraproject Fedora=38
and 13 more
CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer o...
PHP PHP>=8.0.0<8.0.30
PHP PHP>=8.1.0<8.1.22
PHP PHP>=8.2.0<8.2.8
PHP PHP<8.0.30
PHP PHP>=8.2.0<8.2.9
Fedoraproject Fedora=38
and 13 more
CVE-2023-3247
Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP). (CVE-2023-3247)
PHP PHP>=8.0.0<8.0.29
PHP PHP>=8.1.0<8.1.20
PHP PHP>=8.2.0<8.2.7
PHP PHP<8.0.29
ubuntu/php7.4<7.4.3-4ubuntu2.19
ubuntu/php8.1<8.1.2-1ubuntu2.13
and 12 more
CVE-2022-4900
Potential buffer overflow in php_cli_server_startup_workers
PHP PHP
Redhat Software Collections
PHP PHP=8.1.0
Redhat Linux=9.0
PHP PHP=8.0.0
Redhat Linux=8.0
and 14 more
CVE-2023-0662
Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)
PHP PHP>=8.0.0<8.0.28
PHP PHP>=8.1.0<8.1.16
PHP PHP>=8.2.0<8.2.3
PHP PHP<8.0.28
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.17
and 8 more
CVE-2023-0568
Fixed bug (1-byte array overrun in common path resolve code). (CVE-2023-0568)
PHP PHP>=8.0.0<8.0.28
PHP PHP>=8.1.0<8.1.16
PHP PHP>=8.2.0<8.2.3
PHP PHP<8.2.3
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.17
and 8 more
CVE-2023-0567
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password d...
PHP PHP>=8.0.0<8.0.28
PHP PHP>=8.1.0<8.1.16
PHP PHP>=8.2.0<8.2.3
PHP PHP<8.2.3
ubuntu/php7.0<8.0.28<8.1.16<8.2.3
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
and 9 more
CVE-2022-31631
Fixed bug (PDO::quote() may return unquoted string). (CVE-2022-31631)
PHP PHP<8.0.27
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16+
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.16
ubuntu/php7.4<7.4.3-4ubuntu2.17
ubuntu/php8.1<8.1.2-1ubuntu2.10
ubuntu/php8.1<8.1.7-1ubuntu3.2
and 5 more
CVE-2022-31630
OOB read due to insufficient input validation in imageloadfont()
PHP PHP>=7.4.0<7.4.33
PHP PHP>=8.0.0<8.0.25
PHP PHP>=8.1.0<8.1.12
PHP PHP<8.0.25
ubuntu/php7.4<7.4.3-4ubuntu2.15
ubuntu/php8.1<8.1.2-1ubuntu2.8
and 5 more
CVE-2022-37454
Fixed bug : buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
debian/pysha3<=1.0.2-2<=1.0.2-4.1<=1.0.2-4.2
Extended Keccak Code Package Project Extended Keccak Code Package
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=35
Fedoraproject Fedora=36
and 37 more
CVE-2022-31629
$_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities
PHP PHP<7.4.31
PHP PHP>=8.0.0<8.0.24
PHP PHP>=8.1.0<8.1.11
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
and 12 more
CVE-2022-31628
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
PHP PHP<7.4.31
PHP PHP>=8.0.0<8.0.24
PHP PHP>=8.1.0<8.1.11
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Fedoraproject Fedora=37
and 12 more
CVE-2022-31627
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated...
<8.1.8
PHP PHP>=8.1.0<8.1.8
CVE-2022-31626
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password...
<8.0.20
PHP PHP>=7.4.0<7.4.30
PHP PHP>=8.0.0<8.0.20
PHP PHP>=8.1.0<8.1.7
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 2 more
CVE-2022-31625
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting...
<8.0.20
PHP PHP>=7.4.0<7.4.30
PHP PHP>=8.0.0<8.0.20
PHP PHP>=8.1.0<8.1.7
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 2 more
CVE-2021-21708
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibi...
<8.1.3
PHP PHP>=7.4.0<7.4.28
PHP PHP>=8.0.0<8.0.16
PHP PHP>=8.1.0<8.1.3
debian/php7.3
debian/php7.4
CVE-2021-21707
Fixed bug (special character is breaking the path in xml function). (CVE-2021-21707)
PHP PHP>=7.3.0<7.3.33
PHP PHP>=7.4.0<7.4.26
PHP PHP>=8.0.0<8.0.13
NetApp Clustered Data ONTAP
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 10 more
CVE-2021-21703
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running a...
<8.0.12
PHP PHP>=7.3.0<=7.3.31
PHP PHP>=7.4.0<7.4.25
PHP PHP>=8.0.0<8.0.12
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 8 more
CVE-2021-21706
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when ...
PHP PHP>=7.3.0<7.3.31
PHP PHP>=7.4.0<7.4.24
PHP PHP>=8.0.0<8.0.11
Microsoft Windows
<8.1.0
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid ...
PHP PHP>=7.3.0<7.3.29
PHP PHP>=7.4.0<7.4.21
PHP PHP>=8.0.0<8.0.8
NetApp Clustered Data ONTAP
Oracle SD-WAN Aware=8.2
PHP PHP<8.0.8
CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, s...
PHP PHP<8.0.8
PHP PHP>=7.3.0<7.3.29
PHP PHP>=7.4.0<7.4.21
PHP PHP>=8.0.0<8.0.8
NetApp Clustered Data ONTAP
CVE-2021-29399
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11...
Xmbforum2 Xmb>=1.9.1<1.9.11.16
PHP PHP=5.0.0
Xmbforum2 Xmb>=1.9.11<1.9.11.16
Xmbforum2 Xmb>=1.9.12<1.9.12.03
PHP PHP=7.0.0
PHP PHP=8.0.0
CVE-2021-21702
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a respon...
<8.0.2
PHP PHP>=7.3.0<7.3.27
PHP PHP>=7.4.0<7.4.15
PHP PHP>=8.0.0<8.0.2
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 4 more
CVE-2020-7071
In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid U...
PHP PHP<8.0.1
debian/php7.3
debian/php7.4
PHP PHP>=7.3.0<7.3.26
PHP PHP>=7.4.0<7.4.14
PHP PHP>=8.0.0<8.0.1
and 3 more
CVE-2020-7070
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefi...
debian/php7.3
debian/php7.4
ubuntu/php5<5.5.9+dfsg-1ubuntu4.29+
ubuntu/php7.0<7.0.33-0ubuntu0.16.04.16
ubuntu/php7.2<7.2.24-0ubuntu0.18.04.7
ubuntu/php7.4<7.4.3-4ubuntu2.4
and 19 more
CVE-2020-7069
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used...
PHP PHP>=7.2.0<7.2.34
PHP PHP>=7.3.0<7.3.23
PHP PHP>=7.4.0<7.4.11
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 18 more
CVE-2020-11579
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hos...
Chadhaajay Phpkb=9.0
PHP PHP<7.2.16
CVE-2020-7068
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which c...
<7.2.33
PHP PHP>=7.2.0<7.2.33
PHP PHP>=7.3.0<7.3.21
PHP PHP>=7.4.0<7.4.9
Debian Debian Linux=10.0
Tenable Tenable.sc<5.19.0
and 2 more
CVE-2019-11048
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocat...
<7.2.31
redhat/rh-php73-php<0:7.3.20-1.el7
redhat/php<7.3.18
redhat/php<7.2.31
redhat/php<7.4.6
PHP PHP>=7.2.0<7.2.31
and 4 more
CVE-2020-7067
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated...
<7.3.17
PHP PHP>=7.2.0<7.2.30
PHP PHP>=7.3.0<7.3.17
PHP PHP>=7.4.0<7.4.5
Tenable Tenable.sc<5.19.0
Oracle Communications Diameter Signaling Router>=8.0.0.0<=8.4.0.5
and 4 more
CVE-2020-7066
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently trunca...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<7.2.29
PHP PHP>=7.3.0<7.3.16
PHP PHP>=7.4.0<7.4.4
Tenable Tenable.sc<5.19.0
Tenable Tenable.sc=5.19.0
and 16 more
CVE-2020-7064
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of ...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<7.2.29
PHP PHP>=7.3.0<7.3.16
PHP PHP>=7.4.0<7.4.4
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 21 more
CVE-2020-7065
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.3.0<7.3.16
PHP PHP>=7.4.0<7.4.4
Debian Debian Linux=10.0
Canonical Ubuntu Linux=12.04
Canonical Ubuntu Linux=14.04
and 13 more
CVE-2020-7061
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated b...
<7.3.15
PHP PHP>=7.2.0<=7.2.27
PHP PHP>=7.3.0<=7.3.14
PHP PHP>=7.4.0<=7.4.2
Microsoft Windows
Tenable Tenable.sc<5.19.0
CVE-2011-3336
regcomp in the BSD implementation of libc is vulnerable to denial of service due to stack exhaustion.
FreeBSD FreeBSD=8.2
Apple Mac OS X>=10.6.0<=10.7.2
Openbsd Openbsd=5.0
PHP PHP>=5.3.0<=5.3.10
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set t...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<=7.2.27
PHP PHP>=7.3.0<=7.3.14
PHP PHP>=7.4.0<=7.4.2
openSUSE Leap=15.1
Debian Debian Linux=8.0
and 16 more
CVE-2020-7060
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause functio...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<7.2.27
PHP PHP>=7.3.0<7.3.14
PHP PHP>=7.4.0<7.4.2
Tenable Tenable.sc<5.19.0
Oracle Communications Diameter Signaling Router>=8.0<=8.4
and 12 more
CVE-2020-7059
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function ...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<7.2.27
PHP PHP>=7.3.0<7.3.14
PHP PHP>=7.4.0<7.4.2
Tenable Tenable.sc<5.19.0
Oracle Communications Diameter Signaling Router>=8.0<=8.4
and 12 more
CVE-2015-6497
The create function in `app/code/core/Mage/Catalog/Model/Product/Api/V2.php` in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4...
composer/magento/core<1.9.2.1
Magento Magento<1.9.2.1
Magento Magento<1.14.2.1
PHP PHP<5.4.24
PHP PHP>=5.4.25<5.5.8
Magento Magento<1.9.2.1
and 3 more
CVE-2015-2326
The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group conta...
Pcre Pcre<8.37
openSUSE openSUSE=13.1
openSUSE openSUSE=13.2
Mariadb Mariadb>=10.0.0<10.0.18
PHP PHP>=5.4.0<5.4.41
PHP PHP>=5.5.0<5.5.26
and 1 more
CVE-2015-2325
The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unsp...
Pcre Pcre<8.37
openSUSE openSUSE=13.1
openSUSE openSUSE=13.2
Mariadb Mariadb<10.0.18
PHP PHP>=5.4.0<5.4.41
PHP PHP>=5.5.0<5.5.26
and 1 more
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (066...
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<=7.2.27
PHP PHP>=7.3.0<=7.3.14
PHP PHP>=7.4.0<=7.4.2
Tenable Tenable.sc<5.19.0
Debian Debian Linux=8.0
and 12 more
CVE-2019-11044
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to...
<7.2.26
PHP PHP>=7.2.0<=7.2.26
PHP PHP>=7.3.0<=7.3.13
PHP PHP=7.4.0
Tenable SecurityCenter<5.19.0
Fedoraproject Fedora=30
and 1 more
CVE-2019-11045
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to se...
<7.2.26
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<=7.2.26
PHP PHP>=7.3.0<=7.3.13
PHP PHP=7.4.0
Fedoraproject Fedora=30
and 13 more
CVE-2019-11046
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked into reading beyond the allocated space by supplying...
<7.2.26
PHP PHP>=7.2.0<=7.2.26
PHP PHP>=7.3.0<=7.3.13
PHP PHP=7.4.0
Debian Debian Linux=8.0
Debian Debian Linux=9.0
and 12 more
CVE-2019-11047
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with...
<7.2.26
redhat/rh-php73-php<0:7.3.20-1.el7
PHP PHP>=7.2.0<7.2.26
PHP PHP>=7.3.0<7.3.13
PHP PHP=7.4.0
Fedoraproject Fedora=30
and 12 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203