Php Group PHP vulnerabilities
87 known vulnerabilities affecting php_group/php.
Total CVEs
87
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
2
Severity breakdown
CRITICAL23HIGH29MEDIUM32LOW3
Vulnerabilities
Page 3 of 5
CVE-2026-7568P3HIGHCVSS 7.5≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2026-7568 [HIGH] CWE-125 CVE-2026-7568: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behav
nvd
CVE-2021-21702P3HIGHCVSS 7.5≥ 7.3.x, < 7.3.27≥ 7.4.x, < 7.4.15+1 more2021-02-15
CVE-2021-21702 [HIGH] CWE-476 CVE-2021-21702: In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extens
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
nvd
CVE-2024-2757P3HIGHCVSS 7.5≥ 8.3.*, < 8.3.52024-04-29
CVE-2024-2757 [HIGH] CWE-400 CVE-2024-2757: In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that conta
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.
nvd
CVE-2026-7263P3HIGHCVSS 7.5≥ 8.4.*, < 8.4.21≥ 8.5.*, < 8.5.62026-05-10
CVE-2026-7263 [HIGH] CWE-404 CVE-2026-7263: In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the X
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML document. This may cause subsequent processing of the XML document to enter infinite loop, causing denial of service in the processing application.
nvd
CVE-2026-7258P3HIGHCVSS 7.5≥ 8.2.*, < 8.2.31≥ 8.3.*, < 8.3.31+2 more2026-05-10
CVE-2026-7258 [HIGH] CWE-125 CVE-2026-7258: In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, w
nvd
CVE-2025-1735P3HIGHCVSS 7.5≥ 8.1.*, < 8.1.33≥ 8.2.*, < 8.2.29+2 more2025-07-13
CVE-2025-1735 [HIGH] CWE-89 CVE-2025-1735: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_p
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
nvd
CVE-2025-1736P3HIGHCVSS 7.3≥ 8.1.*, < 8.1.32≥ 8.2.*, < 8.2.28+2 more2025-03-30
CVE-2025-1736 [HIGH] CWE-20 CVE-2025-1736: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* befo
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
nvd
CVE-2019-11045P3MEDIUMCVSS 5.9≥ 7.2.x, < 7.2.26≥ 7.3.x, < 7.3.13+1 more2019-12-23
CVE-2019-11045 [MEDIUM] CWE-170 CVE-2019-11045: In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accept
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access.
nvd
CVE-2019-11050P3MEDIUMCVSS 6.5≥ 7.2.x, < 7.2.26≥ 7.3.x, < 7.3.13+1 more2019-12-23
CVE-2019-11050 [MEDIUM] CWE-125 CVE-2019-11050: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2019-11047P3MEDIUMCVSS 6.5≥ 7.2.x, < 7.2.26≥ 7.3.x, < 7.3.13+1 more2019-12-23
CVE-2019-11047 [MEDIUM] CWE-125 CVE-2019-11047: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2023-0662P3HIGHCVSS 7.5≥ 8.0.x, < 8.0.28≥ 8.1.x, < 8.1.16+1 more2023-02-16
CVE-2023-0662 [HIGH] CWE-400 CVE-2023-0662: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in
In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.
nvd
CVE-2024-5458P3MEDIUMCVSS 5.3≥ 8.1.*, < 8.1.29≥ 8.2.*, < 8.2.20+1 more2024-06-09
CVE-2024-5458 [MEDIUM] CWE-345 CVE-2024-5458: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic er
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may le
nvd
CVE-2021-21703P3HIGHCVSS 7.0≥ 7.3.x, ≤ 7.3.31≥ 7.4.x, < 7.4.25+1 more2021-10-25
CVE-2021-21703 [HIGH] CWE-284 CVE-2021-21703: In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when ru
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way tha
nvd
CVE-2019-11048P3MEDIUMCVSS 5.3≥ 7.3.x, < 7.3.18≥ 7.4.x, < 7.4.6+1 more2020-05-20
CVE-2019-11048 [MEDIUM] CWE-190 CVE-2019-11048: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This p
nvd
CVE-2020-7069P3MEDIUMCVSS 6.5≥ 7.3.x, < 7.3.23≥ 7.4.x, < 7.4.11+1 more2020-10-02
CVE-2020-7069 [MEDIUM] CWE-20 CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
nvd
CVE-2024-3096P4MEDIUMCVSS 6.5≥ 8.1.*, < 8.1.28≥ 8.2.*, < 8.2.18+1 more2024-04-29
CVE-2024-3096 [MEDIUM] CWE-20 CVE-2024-3096: In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored w
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
nvd
CVE-2020-7070P3MEDIUMCVSS 5.3≥ 7.3.x, < 7.3.23≥ 7.4.x, < 7.4.11+1 more2020-10-02
CVE-2020-7070 [MEDIUM] CWE-20 CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processin
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host confused with cookies that decode to such prefix, thus leading to an attacker being able to forge cookie which is supposed to be secure. S
nvd
CVE-2019-11041P4HIGHCVSS 7.1v7.1.x below 7.1.31v7.2.x below 7.2.21+1 more2019-08-09
CVE-2019-11041 [HIGH] CWE-125 CVE-2019-11041: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2019-11042P4HIGHCVSS 7.1v7.1.x below 7.1.31v7.2.x below 7.2.21+1 more2019-08-09
CVE-2019-11042 [HIGH] CWE-125 CVE-2019-11042: When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() functio
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.
nvd
CVE-2024-2408P4MEDIUMCVSS 5.9≥ 8.1.*, < 8.1.29≥ 8.2.*, < 8.2.20+1 more2024-06-09
CVE-2024-2408 [MEDIUM] CWE-203 CVE-2024-2408: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSS
nvd