Vulnerabilities (CVE)

Filtered by vendor Php Subscribe
Total 692 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11579 2 Chadhaajay, Php 2 Phpkb, Php 2022-06-13 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
CVE-2020-7067 4 Debian, Oracle, Php and 1 more 4 Debian Linux, Communications Diameter Signaling Router, Php and 1 more 2022-05-16 5.0 MEDIUM 7.5 HIGH
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
CVE-2020-7061 3 Microsoft, Php, Tenable 3 Windows, Php, Tenable.sc 2022-05-16 6.4 MEDIUM 9.1 CRITICAL
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
CVE-2020-7064 5 Canonical, Debian, Opensuse and 2 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2022-05-09 5.8 MEDIUM 5.4 MEDIUM
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7066 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2022-05-08 4.3 MEDIUM 4.3 MEDIUM
In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.
CVE-2020-7063 4 Debian, Opensuse, Php and 1 more 4 Debian Linux, Leap, Php and 1 more 2022-05-08 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
CVE-2021-21703 5 Debian, Fedoraproject, Netapp and 2 more 5 Debian Linux, Fedora, Clustered Data Ontap and 2 more 2022-04-28 6.9 MEDIUM 7.0 HIGH
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
CVE-2022-27158 1 Php 1 Pearweb 2022-04-22 7.5 HIGH 9.8 CRITICAL
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
CVE-2022-27157 1 Php 1 Pearweb 2022-04-22 7.5 HIGH 9.8 CRITICAL
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
CVE-2021-21707 3 Debian, Netapp, Php 3 Debian Linux, Clustered Data Ontap, Php 2022-04-20 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.
CVE-2021-21708 1 Php 1 Php 2022-04-18 6.8 MEDIUM 9.8 CRITICAL
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.
CVE-2018-19518 4 Canonical, Debian, Php and 1 more 4 Ubuntu Linux, Debian Linux, Php and 1 more 2022-04-18 8.5 HIGH 7.5 HIGH
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument.
CVE-2022-26635 1 Php 1 Memcached 2022-04-18 7.5 HIGH 9.8 CRITICAL
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.
CVE-2019-9641 5 Canonical, Debian, Netapp and 2 more 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more 2022-04-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF.
CVE-2019-9640 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an Invalid Read in exif_process_SOFn.
CVE-2019-9639 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the data_len variable.
CVE-2019-9638 6 Canonical, Debian, Netapp and 3 more 6 Ubuntu Linux, Debian Linux, Storage Automation Store and 3 more 2022-04-05 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len.
CVE-2020-28948 4 Debian, Drupal, Fedoraproject and 1 more 4 Debian Linux, Drupal, Fedora and 1 more 2022-03-30 6.8 MEDIUM 7.8 HIGH
Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2015-8880 1 Php 1 Php 2022-03-01 10.0 HIGH 9.8 CRITICAL
Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error.
CVE-2021-21705 3 Netapp, Oracle, Php 3 Clustered Data Ontap, Sd-wan Aware, Php 2022-02-22 5.0 MEDIUM 5.3 MEDIUM
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.