CVE-2024-2756
- EPSS 6.49%
- Veröffentlicht 29.04.2024 04:15:07
- Zuletzt bearbeitet 04.11.2025 18:16:18
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applic...
- EPSS 0.56%
- Veröffentlicht 24.05.2007 02:30:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
CVE-2006-3016
- EPSS 6.74%
- Veröffentlicht 14.06.2006 23:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-...
CVE-2006-3018
- EPSS 1.17%
- Veröffentlicht 14.06.2006 23:02:00
- Zuletzt bearbeitet 03.04.2025 01:03:51
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.