Php

Php

711 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2019-11049

  • EPSS 3.25%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double...

6.5

CVE-2019-11050

Exploit
  • EPSS 3.12%
  • Veröffentlicht 23.12.2019 03:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:27

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocate...

7.5

CVE-2019-11044

Exploit
  • EPSS 6.29%
  • Veröffentlicht 23.12.2019 03:15:10
  • Zuletzt bearbeitet 21.11.2024 04:20:26

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications ch...

9.8

CVE-2011-1939

Exploit
  • EPSS 8.54%
  • Veröffentlicht 26.11.2019 22:15:14
  • Zuletzt bearbeitet 21.11.2024 01:27:21

SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6.

7.5

CVE-2019-19246

  • EPSS 0.19%
  • Veröffentlicht 25.11.2019 17:15:11
  • Zuletzt bearbeitet 21.11.2024 04:34:24

Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.

7.5

CVE-2010-4657

  • EPSS 1.57%
  • Veröffentlicht 13.11.2019 21:15:11
  • Zuletzt bearbeitet 21.11.2024 01:21:27

PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output.

9.8

CVE-2019-11043

Warnung Exploit
  • EPSS 94.11%
  • Veröffentlicht 28.10.2019 15:15:13
  • Zuletzt bearbeitet 14.02.2025 16:43:36

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the p...

7.1

CVE-2019-11041

Exploit
  • EPSS 2.82%
  • Veröffentlicht 09.08.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...

7.1

CVE-2019-11042

Exploit
  • EPSS 3.29%
  • Veröffentlicht 09.08.2019 20:15:11
  • Zuletzt bearbeitet 21.11.2024 04:20:25

When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past ...

7.5

CVE-2017-7189

  • EPSS 1.22%
  • Veröffentlicht 10.07.2019 15:15:11
  • Zuletzt bearbeitet 21.11.2024 03:31:20

main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later truncated to 127.0.0.1:80. This behavior has a securi...