cvebase

Php Group PHP vulnerabilities

87 known vulnerabilities affecting php_group/php.

Total CVEs: 87
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 23, HIGH 29, MEDIUM 32, LOW 3

Vulnerabilities

Page 5 of 5
CVE-2022-31628 | P4 | MEDIUM | CVSS 5.5 | ≥ 7.4.X, < 7.4.31; ≥ 8.0.X, < 8.0.24; +1 more | 2022-09-28
CVE-2022-31628 [MEDIUM] CWE-674: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
nvd
CVE-2020-7066 | P4 | MEDIUM | CVSS 4.3 | v7.2.x below 7.2.29; v7.3.x below 7.3.16; +1 more | 2020-04-01
CVE-2020-7066 [MEDIUM] CWE-170: In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong
nvd
CVE-2023-3247 | P4 | MEDIUM | CVSS 4.3 | ≥ 8.0.*, < 8.0.29; ≥ 8.1.*, < 8.1.20; +1 more | 2023-07-22
CVE-2023-3247 [MEDIUM] CWE-252: In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to
nvd
CVE-2020-7068 | P4 | LOW | CVSS 3.6 | ≥ 7.3.x, < 7.3.21; ≥ 7.4.x, < 7.4.9; +1 more | 2020-09-09
CVE-2020-7068 [LOW] CWE-416: In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure.
nvd
CVE-2006-7205 | P4 | MEDIUM | CVSS 5.0 | v4.4.2; v5.1.2 | 2007-05-24
CVE-2006-7205 [MEDIUM]: The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
nvd
CVE-2025-1217 | P4 | LOW | CVSS 3.1 | ≥ 8.1.*, < 8.1.32; ≥ 8.2.*, < 8.2.28; +2 more | 2025-03-29
CVE-2025-1217 [LOW] CWE-20: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
nvd
CVE-2024-9026 | P4 | LOW | CVSS 3.3 | ≥ 8.1.*, < 8.1.30; ≥ 8.2.*, < 8.2.24; +1 more | 2024-10-08
CVE-2024-9026 [LOW] CWE-117: In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured t
nvd