Php Group PHP vulnerabilities
87 known vulnerabilities affecting php_group/php.
Total CVEs
87
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL23HIGH29MEDIUM32LOW3
Vulnerabilities
Page 1 of 5
CVE-2024-4577P1CRITICALCVSS 9.8KEVPoCRansomware≥ 8.1.*, < 8.1.30≥ 8.2.*, < 8.2.24+1 more2024-06-09
CVE-2024-4577 [CRITICAL] CWE-78 CVE-2024-4577: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may all
nvd
CVE-2023-3824P1CRITICALCVSS 9.8ExploitedRansomware≥ 8.0.*, < 8.0.30≥ 8.1.*, < 8.1.22+1 more2023-08-11
CVE-2023-3824 [CRITICAL] CWE-119 CVE-2023-3824: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE.
nvd
CVE-2024-1874P2CRITICALCVSS 9.4≥ 8.1.*, < 8.1.29≥ 8.2.*, < 8.2.20+1 more2024-04-29
CVE-2024-1874 [CRITICAL] CWE-116 CVE-2024-1874: In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
nvd
CVE-2022-31626P2HIGHCVSS 8.8≥ 7.4.X, < 7.4.30≥ 8.0.X, < 8.0.20+1 more2022-06-16
CVE-2022-31626 [HIGH] CWE-120 CVE-2022-31626: In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extens
In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.
nvd
CVE-2026-6722P2CRITICALCVSS 9.8≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2026-6722 [CRITICAL] CWE-416 CVE-2026-6722: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the
nvd
CVE-2022-31631P3CRITICALCVSS 9.1≥ 8.0.x, < 8.0.27≥ 8.1.x, < 8.1.15+1 more2025-02-12
CVE-2022-31631 [CRITICAL] CWE-74 CVE-2022-31631: In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote()
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities.
nvd
CVE-2025-14179P3CRITICALCVSS 9.8≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2025-14179 [CRITICAL] CWE-89 CVE-2025-14179: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and ca
nvd
CVE-2022-31629P3MEDIUMCVSS 6.5≥ 8.1.*, < 8.1.28≥ 8.2.*, < 8.2.18+1 more2022-09-28
CVE-2022-31629 [MEDIUM] CWE-20 CVE-2022-31629: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site at
In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.
nvd
CVE-2021-21708P3CRITICALCVSS 9.8≥ 7.4.x, < 7.4.28≥ 8.0.X, < 8.0.16+1 more2022-02-27
CVE-2021-21708 [CRITICAL] CWE-416 CVE-2021-21708: In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter fun
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE. This is
nvd
CVE-2024-11236P3CRITICALCVSS 9.8≥ 8.1.*, < 8.1.31≥ 8.2.*, < 8.2.26+1 more2024-11-24
CVE-2024-11236 [CRITICAL] CWE-787 CVE-2024-11236: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long str
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
nvd
CVE-2026-7261P3CRITICALCVSS 9.8≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2026-7261 [CRITICAL] CWE-416 CVE-2026-7261: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing t
nvd
CVE-2019-11049P3CRITICALCVSS 9.8≥ 7.3.x, < 7.3.13≥ 7.4.x, < 7.4.12019-12-23
CVE-2019-11049 [CRITICAL] CWE-415 CVE-2019-11049: In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() fun
In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.
nvd
CVE-2024-11235P3HIGHCVSS 8.1≥ 8.4.*, < 8.4.5≥ 8.3.*, < 8.3.192025-04-04
CVE-2024-11235 [HIGH] CWE-416 CVE-2024-11235: In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler
In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.
nvd
CVE-2024-8932P3CRITICALCVSS 9.8≥ 8.1.*, < 8.1.31≥ 8.2.*, < 8.2.26+1 more2024-11-22
CVE-2024-8932 [CRITICAL] CWE-787 CVE-2024-8932: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long str
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write.
nvd
CVE-2020-7060P3CRITICALCVSS 9.1≥ 7.2.x, < 7.2.27≥ 7.3.x, < 7.3.14+1 more2020-02-10
CVE-2020-7060 [CRITICAL] CWE-125 CVE-2020-7060: When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2025-1861P3CRITICALCVSS 9.8≥ 8.1.*, < 8.1.32≥ 8.2.*, < 8.2.28+2 more2025-03-30
CVE-2025-1861 [CRITICAL] CWE-131 CVE-2025-1861: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may l
nvd
CVE-2020-7059P3CRITICALCVSS 9.1≥ 7.2.x, < 7.2.27≥ 7.3.x, < 7.3.14+1 more2020-02-10
CVE-2020-7059 [CRITICAL] CWE-125 CVE-2020-7059: When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2019-11036P3CRITICALCVSS 9.1≥ 7.1.x, < 7.1.29≥ 7.2.x, < 7.2.18+1 more2019-05-03
CVE-2019-11036 [CRITICAL] CWE-126 CVE-2019-11036: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
nvd
CVE-2026-6104P3CRITICALCVSS 9.1≥ 8.4.*, < 8.4.21≥ 8.5.*, < 8.5.62026-05-10
CVE-2026-6104 [CRITICAL] CWE-125 CVE-2026-6104: In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embe
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectly assumes that when strncasecmp() returns 0 it means the strings have the same length. This can lead to out-of-bounds read of global memory, potentially
nvd
CVE-2020-7061P3CRITICALCVSS 9.1≥ 7.3.x, < 7.3.15≥ 7.4.x, < 7.4.32020-02-27
CVE-2020-7061 [CRITICAL] CWE-125 CVE-2020-7061: In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows usi
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
nvd
1 / 5Next →