QID 150469
Date Published: 2022-02-14
QID 150469: PHP Multiple Vulnerabilities (CVE-2021-21704,CVE-2021-21705)
PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications.
Multiple Vulnerabilities are identified in PHP:
CVE-2021-21704 : A bug in "pdo_firebase" module allows a malicious firebase server or man-in-the-middle attacker to crash PHP.
CVE-2021-21705 : PHP incorrectly handled the "FILTER_VALIDATE_URL" check. A remote attacker could possibly use this issue to perform a server- side request forgery attack.
Affected Versions:
7.3.x below 7.3.29
7.4.x below 7.4.21
8.0.x below 8.0.8
QID Detection Logic (Unauthenticated):
This QID checks the HTTP Server header to see if the server is running a vulnerable version of PHP.
Successful exploitation of these vulnerabilities could lead to addition or modification of data or Denial of Service (DoS).
- Sec Bug 76448 -
bugs.php.net/bug.php?id=76448 - Sec Bug 81122 -
bugs.php.net/bug.php?id=81122
CVEs related to QID 150469
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| Sec Bug 76448 |
bugs.php.net/bug.php?id=76448 |
||
| Sec Bug 76449 |
bugs.php.net/bug.php?id=76449 |
||
| Sec Bug 76450 |
bugs.php.net/bug.php?id=76450 |
||
| Sec Bug 76452 |
bugs.php.net/bug.php?id=76452 |
||
| Sec Bug 81122 |
bugs.php.net/bug.php?id=81122 |