U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:php:php:7.4.15:-:*:*:*:*:*:*
  • CPE Name Search: true
There are 19 matching records.
Displaying matches 1 through 19.
Vuln ID Summary CVSS Severity
CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Published: June 09, 2024; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2024-5458

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.

Published: June 09, 2024; 3:15:52 PM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

Published: November 14, 2022; 2:15:09 AM -0500
V4.0:(not available)
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-37454

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.

Published: October 21, 2022; 2:15:09 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0:(not available)
CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Published: September 28, 2022; 7:15:10 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Published: September 28, 2022; 7:15:09 PM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2022-31626

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

Published: June 16, 2022; 2:15:08 AM -0400
V4.0:(not available)
V3.1: 8.8 HIGH
V2.0: 6.0 MEDIUM
CVE-2022-31625

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.

Published: June 16, 2022; 2:15:08 AM -0400
V4.0:(not available)
V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-21708

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This issue affects: code that uses FILTER_VALIDATE_FLOAT with min/max limits.

Published: February 27, 2022; 3:15:06 AM -0500
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2021-21707

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently from what the user intended, which may lead it to reading a different file than intended.

Published: November 29, 2021; 2:15:06 AM -0500
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.

Published: October 25, 2021; 2:15:06 AM -0400
V4.0:(not available)
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2021-21706

In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.

Published: October 04, 2021; 12:15:08 AM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-21705

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision.

Published: October 04, 2021; 12:15:08 AM -0400
V4.0:(not available)
V3.1: 5.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2021-21704

In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver. This can result in crashes, denial of service or potentially memory corruption.

Published: October 04, 2021; 12:15:07 AM -0400
V4.0:(not available)
V3.1: 5.9 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Published: August 02, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2017-9118

PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.

Published: August 02, 2018; 11:29:00 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2017-8923

The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.

Published: May 12, 2017; 4:29:00 PM -0400
V4.0:(not available)
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2013-2220

Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

Published: July 31, 2013; 9:20:27 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2007-3205

The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.

Published: June 13, 2007; 6:30:00 AM -0400
V4.0:(not available)
V3.x:(not available)
V2.0: 5.0 MEDIUM