cbcvebase.

Php Group PHP vulnerabilities

87 known vulnerabilities affecting php_group/php.

Total CVEs
87
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL23HIGH29MEDIUM32LOW3

Vulnerabilities

Page 2 of 5
CVE-2025-14178P3HIGHCVSS 8.2≥ 8.1.*, < 8.1.34≥ 8.2.*, < 8.2.30+3 more2025-12-27
CVE-2025-14178 [HIGH] CWE-190 CVE-2025-14178: In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This
nvd
CVE-2020-7065P3HIGHCVSS 8.8≥ 7.3.x, < 7.3.16≥ 7.4.x, < 7.4.42020-04-01
CVE-2020-7065 [HIGH] CWE-121 CVE-2020-7065: In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
nvd
CVE-2022-31627P3CRITICALCVSS 9.8≥ 8.1.X, < 8.1.82022-07-28
CVE-2022-31627 [CRITICAL] CWE-590 CVE-2022-31627: In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect p In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
nvd
CVE-2022-31625P3HIGHCVSS 8.1≥ 7.4.X, < 7.4.30≥ 8.0.X, < 8.0.20+1 more2022-06-16
CVE-2022-31625 [HIGH] CWE-590 CVE-2022-31625: In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres d In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service.
nvd
CVE-2019-11040P3CRITICALCVSS 9.1v7.1.30v7.2.19+1 more2019-06-19
CVE-2019-11040 [CRITICAL] CWE-125 CVE-2019-11040: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2024-8927P3HIGHCVSS 7.5≥ 8.1.*, < 8.1.30≥ 8.2.*, < 8.2.24+1 more2024-10-08
CVE-2024-8927 [HIGH] CWE-1220 CVE-2024-8927: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not b
nvd
CVE-2026-7262P3HIGHCVSS 7.5≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2026-7262 [HIGH] CWE-476 CVE-2026-7262: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5. In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthe
nvd
CVE-2019-11044P3HIGHCVSS 7.5≥ 7.2.x, < 7.2.26≥ 7.3.x, < 7.3.13+1 more2019-12-23
CVE-2019-11044 [HIGH] CWE-170 CVE-2019-11044: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function acc In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
nvd
CVE-2020-7067P3HIGHCVSS 7.5v7.2.x below 7.2.30v7.3.x below 7.3.17 and 7.4.x below 7.4.52020-04-27
CVE-2020-7067 [HIGH] CWE-125 CVE-2020-7067: In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled wit In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
nvd
CVE-2023-0568P3HIGHCVSS 8.1≥ 8.0.x, < 8.0.28≥ 8.1.x, < 8.1.16+1 more2023-02-16
CVE-2023-0568 [HIGH] CWE-131 CVE-2023-0568: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution functio In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification
nvd
CVE-2019-11035P3CRITICALCVSS 9.1≥ 7.1.x, < 7.1.28≥ 7.2.x, < 7.2.17+1 more2019-04-18
CVE-2019-11035 [CRITICAL] CWE-125 CVE-2019-11035: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
nvd
CVE-2019-11034P3CRITICALCVSS 9.1≥ 7.1.x, < 7.1.28≥ 7.2.x, < 7.2.17+1 more2019-04-18
CVE-2019-11034 [CRITICAL] CWE-125 CVE-2019-11034: When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash.
nvd
CVE-2025-14177P3HIGHCVSS 7.5≥ 8.1.*, < 8.1.34≥ 8.2.*, < 8.2.30+3 more2025-12-27
CVE-2025-14177 [HIGH] CWE-125 CVE-2025-14177: In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overw
nvd
CVE-2023-3823P3HIGHCVSS 7.5≥ 8.0.*, < 8.0.30≥ 8.1.*, < 8.1.22+1 more2023-08-11
CVE-2023-3823 [HIGH] CWE-611 CVE-2023-3823: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functio In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-gl
nvd
CVE-2019-11039P3CRITICALCVSS 9.1v7.1.30v7.2.19+1 more2019-06-19
CVE-2019-11039 [CRITICAL] CWE-125 CVE-2019-11039: Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3. Function iconv_mime_decode_headers() in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6 may perform out-of-buffer read due to integer overflow when parsing MIME headers. This may lead to information disclosure or crash.
nvd
CVE-2024-11234P3HIGHCVSS 7.2≥ 8.1.*, < 8.1.31≥ 8.2.*, < 8.2.26+1 more2024-11-24
CVE-2024-11234 [HIGH] CWE-20 CVE-2024-11234: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams wi In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining
nvd
CVE-2024-11233P3HIGHCVSS 8.2≥ 8.1.*, < 8.1.31≥ 8.2.*, < 8.2.26+1 more2024-11-24
CVE-2024-11233 [HIGH] CWE-122 CVE-2024-11233: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in co In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
nvd
CVE-2021-21707P3MEDIUMCVSS 5.3≥ 7.3.x, < 7.3.33≥ 7.4.x, < 7.4.26+1 more2021-11-29
CVE-2021-21707 [MEDIUM] CWE-159 CVE-2021-21707: In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing f In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. If that filename contains URL-encoded NUL character, this may cause the function to interpret this as the end of the filename, thus interpreting the filename differently fro
nvd
CVE-2020-7062P3HIGHCVSS 7.5≥ 7.3.x, < 7.3.15≥ 7.4.x, < 7.4.3+1 more2020-02-27
CVE-2020-7062 [HIGH] CWE-476 CVE-2020-7062: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, whic
nvd
CVE-2025-14180P3HIGHCVSS 7.5≥ 8.1.*, < 8.1.34≥ 8.2.*, < 8.2.30+3 more2025-12-27
CVE-2025-14180 [HIGH] CWE-476 CVE-2025-14180: In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a
nvd
Php Group PHP vulnerabilities | cvebase