CVE-2018-5712: Cross-site Scripting in PHP

CWE-79: Cross-site Scripting | 17 documents | 7 sources
Severity
6.1 MEDIUM (NVD)
OSV 9.8, OSV 7.5
EPSS
89.2% (top 0.46%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 16
Latest update: May 14

Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

NVD | php/php | 7.0.0 | 7.0.30 | +7
Alpine | php5/php5 | < 5.6.36-r0 | +1
Ubuntu | php5/php5 | < 5.5.9+dfsg-1ubuntu4.23 | +1

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

Patches

🔴 Vulnerability Details (6)

GHSA
GHSA-phvf-v525-xwq3: An issue was discovered in ext/phar/phar_object (2022-05-14)
GHSA
GHSA-p569-737x-7h7p: An issue was discovered in PHP before 5 (2022-05-14)
OSV
CVE-2018-10547: An issue was discovered in ext/phar/phar_object (2018-04-29)
OSV
php5, php7.0, php7.1 vulnerabilities (2018-03-19)
OSV
php5 vulnerabilities (2018-02-12)

📋 Vendor Advisories (6)

Oracle
Oracle Oracle Secure Backup Risk Matrix: PHP — CVE-2018-5712 (2020-04-15)
Ubuntu
PHP vulnerabilities (2018-05-15)
Red Hat
php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (2018-04-26)
Ubuntu
PHP vulnerabilities (2018-03-19)
Ubuntu
PHP vulnerabilities (2018-02-12)

💬 Community (3)

Bugzilla
CVE-2018-10547 php: Reflected XSS vulnerability on PHAR 403 and 404 error pages (2018-05-02)
Bugzilla
CVE-2018-5712 php: reflected XSS in .phar 404 page [fedora-all] (2018-01-17)
Bugzilla
CVE-2018-5712 php: Reflected XSS on PHAR 404 page (2018-01-16)