Known Vulnerabilities for products from Php
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Php".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-3824 json | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR... | 9.8 - CRITICAL | 2023-08-11 | 2023-10-27 |
| CVE-2023-3823 json | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global ... | 7.5 - HIGH | 2023-08-11 | 2023-10-27 |
| CVE-2023-3247 json | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, rand... | 4.3 - MEDIUM | 2023-07-22 | 2023-08-01 |
| CVE-2023-0662 json | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cau... | 7.5 - HIGH | 2023-02-16 | 2023-05-17 |
| CVE-2023-0568 json | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byt... | 8.1 - HIGH | 2023-02-16 | 2023-05-17 |
| CVE-2023-0567 json | In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Bl... | 6.2 - MEDIUM | 2023-03-01 | 2023-11-07 |
| CVE-2022-37454 json | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allo... | 9.8 - CRITICAL | 2022-10-21 | 2023-05-03 |
| CVE-2022-31630 json | In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to su... | 7.1 - HIGH | 2022-11-14 | 2024-04-02 |
| CVE-2022-31629 json | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard... | 6.5 - MEDIUM | 2022-09-28 | 2023-11-07 |
| CVE-2022-31628 json | In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files... | 5.5 - MEDIUM | 2022-09-28 | 2023-11-07 |
| CVE-2022-31627 json | In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third... | 9.8 - CRITICAL | 2022-07-28 | 2022-10-25 |
| CVE-2022-31626 json | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, ... | 8.8 - HIGH | 2022-06-16 | 2023-11-07 |
| CVE-2022-31625 json | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supply... | 8.1 - HIGH | 2022-06-16 | 2023-11-07 |
| CVE-2022-27158 json | pearweb < 1.32 suffers from Deserialization of Untrusted Data. | 9.8 - CRITICAL | 2022-04-15 | 2022-04-22 |
| CVE-2022-27157 json | pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php. | 9.8 - CRITICAL | 2022-04-15 | 2022-04-22 |
| CVE-2022-26635 json | PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. | 9.8 - CRITICAL | 2022-04-05 | 2022-04-18 |
| CVE-2022-4900 json | A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a he... | 5.5 - MEDIUM | 2023-11-02 | 2023-11-30 |
| CVE-2021-32610 json | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than ... | 7.1 - HIGH | 2021-07-30 | 2023-11-07 |
| CVE-2021-29399 json | XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of... | 6.1 - MEDIUM | 2021-04-19 | 2021-04-22 |
| CVE-2021-21708 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-02-27 | 2022-10-07 |
Known software with vulnerabilities from Php
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Php | Animated Smiley Generator | - |
| Application | Php | Archive Tar | 1.3.11 |
| Application | Php | Ar Memberscript | - |
| Application | Php | Blog Cms | - |
| Application | Php | Bloq | - |
| Application | Php | Comoblog | - |
| Application | Php | Com Extensions | - |
| Application | Php | Cvs | - |
| Application | Php | Directory Listing Script | - |
| Application | Php | Dirlist | - |
| Application | Php | Easymoblog | - |
| Application | Php | Errordocs | - |
| Application | Php | Ext-http | - |
| Application | Php | F1 Maxs File Uploader | - |
| Application | Php | Go-pear.php | - |
| Application | Php | Imagick | 3.3.0 |
| Application | Php | Mysql Banner Exchange | - |
| Application | Php | Mysql Extension | - |
| Application | Php | Pear | - |
| Application | Php | Pear Archive Tar | 0.10 |