Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-5658

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-17 Dec, 2008 | 20:00
Updated At-07 Aug, 2024 | 11:04
Rejected At-
Credits

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:17 Dec, 2008 | 20:00
Updated At:07 Aug, 2024 | 11:04
Rejected At:
â–¼CVE Numbering Authority (CNA)

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/32625
vdb-entry
x_refsource_BID
http://marc.info/?l=bugtraq&m=125631037611762&w=2
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1021303
vdb-entry
x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=124654546101607&w=2
vendor-advisory
x_refsource_HP
http://www.sektioneins.de/advisories/SE-2008-06.txt
x_refsource_MISC
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
vendor-advisory
x_refsource_FEDORA
http://www.securityfocus.com/archive/1/501376/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://wiki.rpath.com/Advisories:rPSA-2009-0035
x_refsource_CONFIRM
http://osvdb.org/50480
vdb-entry
x_refsource_OSVDB
http://marc.info/?l=bugtraq&m=125631037611762&w=2
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
vdb-entry
x_refsource_XF
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
vendor-advisory
x_refsource_SUSE
http://www.redhat.com/support/errata/RHSA-2009-0350.html
vendor-advisory
x_refsource_REDHAT
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35003
third-party-advisory
x_refsource_SECUNIA
http://www.php.net/ChangeLog-5.php#5.2.7
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2008/12/04/3
mailing-list
x_refsource_MLIST
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
vendor-advisory
x_refsource_MANDRIVA
http://marc.info/?l=bugtraq&m=124654546101607&w=2
vendor-advisory
x_refsource_HP
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/35306
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35650
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2009/dsa-1789
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.securityfocus.com/bid/32625
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1021303
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.sektioneins.de/advisories/SE-2008-06.txt
Resource:
x_refsource_MISC
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/archive/1/501376/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0035
Resource:
x_refsource_CONFIRM
Hyperlink: http://osvdb.org/50480
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0350.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35003
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.php.net/ChangeLog-5.php#5.2.7
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.openwall.com/lists/oss-security/2008/12/04/3
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/35306
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35650
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2009/dsa-1789
Resource:
vendor-advisory
x_refsource_DEBIAN
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securityfocus.com/bid/32625
vdb-entry
x_refsource_BID
x_transferred
http://marc.info/?l=bugtraq&m=125631037611762&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1021303
vdb-entry
x_refsource_SECTRACK
x_transferred
http://marc.info/?l=bugtraq&m=124654546101607&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.sektioneins.de/advisories/SE-2008-06.txt
x_refsource_MISC
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.securityfocus.com/archive/1/501376/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://wiki.rpath.com/Advisories:rPSA-2009-0035
x_refsource_CONFIRM
x_transferred
http://osvdb.org/50480
vdb-entry
x_refsource_OSVDB
x_transferred
http://marc.info/?l=bugtraq&m=125631037611762&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
vdb-entry
x_refsource_XF
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.redhat.com/support/errata/RHSA-2009-0350.html
vendor-advisory
x_refsource_REDHAT
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35003
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.php.net/ChangeLog-5.php#5.2.7
x_refsource_CONFIRM
x_transferred
http://www.openwall.com/lists/oss-security/2008/12/04/3
mailing-list
x_refsource_MLIST
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://marc.info/?l=bugtraq&m=124654546101607&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/35306
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35650
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2009/dsa-1789
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/32625
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1021303
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.sektioneins.de/advisories/SE-2008-06.txt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/501376/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0035
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://osvdb.org/50480
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0350.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35003
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.php.net/ChangeLog-5.php#5.2.7
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2008/12/04/3
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/35306
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35650
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2009/dsa-1789
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:17 Dec, 2008 | 20:30
Updated At:23 Apr, 2026 | 00:35

Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches

The PHP Group
php
>>php>>Versions up to 5.2.6(inclusive)
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.0
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.1
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.2
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.3
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.4
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.0.5
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.0
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.1
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.2
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.3
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.4
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.5
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.1.6
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.0
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.1
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.2
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.3
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.4
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*
The PHP Group
php
>>php>>5.2.5
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

Organization : Red Hat
Last Modified : 2009-04-15T00:00:00

This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html

References
HyperlinkSourceResource
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.htmlcve@mitre.org
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlcve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=124654546101607&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=125631037611762&w=2cve@mitre.org
N/A
http://osvdb.org/50480cve@mitre.org
N/A
http://secunia.com/advisories/35003cve@mitre.org
N/A
http://secunia.com/advisories/35306cve@mitre.org
N/A
http://secunia.com/advisories/35650cve@mitre.org
N/A
http://wiki.rpath.com/Advisories:rPSA-2009-0035cve@mitre.org
N/A
http://www.debian.org/security/2009/dsa-1789cve@mitre.org
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045cve@mitre.org
N/A
http://www.openwall.com/lists/oss-security/2008/12/04/3cve@mitre.org
N/A
http://www.php.net/ChangeLog-5.php#5.2.7cve@mitre.org
N/A
http://www.redhat.com/support/errata/RHSA-2009-0350.htmlcve@mitre.org
N/A
http://www.securityfocus.com/archive/1/501376/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/32625cve@mitre.org
N/A
http://www.securitytracker.com/id?1021303cve@mitre.org
N/A
http://www.sektioneins.de/advisories/SE-2008-06.txtcve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47079cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.htmlcve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=124654546101607&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=125631037611762&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/50480af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35003af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35306af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35650af854a3a-2127-422b-91ae-364da2661108
N/A
http://wiki.rpath.com/Advisories:rPSA-2009-0035af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2009/dsa-1789af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:045af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.openwall.com/lists/oss-security/2008/12/04/3af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.php.net/ChangeLog-5.php#5.2.7af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2009-0350.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/501376/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/32625af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1021303af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.sektioneins.de/advisories/SE-2008-06.txtaf854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47079af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/50480
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35003
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35306
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/35650
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0035
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1789
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/12/04/3
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-5.php#5.2.7
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0350.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/501376/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/32625
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021303
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.sektioneins.de/advisories/SE-2008-06.txt
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2008-12/0039.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=124654546101607&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=125631037611762&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/50480
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35003
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35306
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35650
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://wiki.rpath.com/Advisories:rPSA-2009-0035
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2009/dsa-1789
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.openwall.com/lists/oss-security/2008/12/04/3
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.php.net/ChangeLog-5.php#5.2.7
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2009-0350.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/501376/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/32625
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1021303
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.sektioneins.de/advisories/SE-2008-06.txt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

815Records found

CVE-2007-4825
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.43% / 87.50%
||
7 Day CHG~0.00%
Published-12 Sep, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2007-4663
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.14% / 79.81%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2013-2220
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-3.68% / 88.34%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value.

Action-Not Available
Vendor-radius_extension_projectn/aThe PHP Group
Product-radiusphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-0985
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.95% / 85.48%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Action-Not Available
Vendor-openpkgn/aThe PHP Group
Product-openpkgphpn/a
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2012-2386
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-42.48% / 98.53%
||
7 Day CHG~0.00%
Published-07 Jul, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2012-2335
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-32.54% / 98.13%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2012-1823
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-100.00% / 99.99%
||
7 Day CHG~0.00%
Published-11 May, 2012 | 10:00
Updated-21 Apr, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Action-Not Available
Vendor-n/aHP Inc.Red Hat, Inc.The PHP GroupApple Inc.openSUSESUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxmac_os_xenterprise_linux_desktopstoragelinux_enterprise_serverenterprise_linux_server_ausapplication_stackfedoralinux_enterprise_software_development_kitstorage_for_public_cloudhp-uxphpenterprise_linux_serverenterprise_linux_workstationenterprise_linux_eusgluster_storage_server_for_on-premiseopensusen/aPHP
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2012-0830
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-30.14% / 97.99%
||
7 Day CHG~0.00%
Published-06 Feb, 2012 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-1999-0068
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.03% / 93.40%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CGI PHP mylog script allows an attacker to read any file on the target server.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2011-3379
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.01% / 91.20%
||
7 Day CHG~0.00%
Published-03 Nov, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2019-9025
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.06% / 85.98%
||
7 Day CHG+0.08%
Published-22 Feb, 2019 | 23:00
Updated-04 Aug, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PHP 7.3.x before 7.3.1. An invalid multibyte string supplied as an argument to the mb_split() function in ext/mbstring/php_mbregex.c can cause PHP to execute memcpy() with a negative argument, which could read and write past buffers allocated for the data.

Action-Not Available
Vendor-n/aNetApp, Inc.The PHP Group
Product-phpstorage_automation_storen/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2011-1938
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-22.72% / 97.44%
||
7 Day CHG~0.00%
Published-31 May, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in the socket_connect function in ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow context-dependent attackers to execute arbitrary code via a long pathname for a UNIX socket.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2011-1153
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.83% / 93.24%
||
7 Day CHG~0.00%
Published-16 Mar, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple format string vulnerabilities in phar_object.c in the phar extension in PHP 5.3.5 and earlier allow context-dependent attackers to obtain sensitive information from process memory, cause a denial of service (memory corruption), or possibly execute arbitrary code via format string specifiers in an argument to a class method, leading to an incorrect zend_throw_exception_ex call.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2022-26635
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-21.44% / 97.31%
||
7 Day CHG~0.00%
Published-05 Apr, 2022 | 17:00
Updated-03 Aug, 2024 | 05:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.

Action-Not Available
Vendor-n/aThe PHP Group
Product-memcachedn/a
CVE-2005-3392
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.90% / 93.30%
||
7 Day CHG~0.00%
Published-01 Nov, 2005 | 11:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2010-1129
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.54% / 83.05%
||
7 Day CHG+0.02%
Published-26 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the tempnam function.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2009-4018
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-11.34% / 95.45%
||
7 Day CHG~0.00%
Published-27 Nov, 2009 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2022-27157
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.15% / 63.10%
||
7 Day CHG+0.03%
Published-15 Apr, 2022 | 18:00
Updated-03 Aug, 2024 | 05:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.

Action-Not Available
Vendor-n/aThe PHP Group
Product-pearwebn/a
CWE ID-CWE-640
Weak Password Recovery Mechanism for Forgotten Password
CVE-2002-0081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-24.26% / 97.59%
||
7 Day CHG~0.00%
Published-25 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2009-3291
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.91% / 85.29%
||
7 Day CHG~0.00%
Published-22 Sep, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-1042
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-4.02% / 89.32%
||
7 Day CHG~0.00%
Published-12 Apr, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2009-3559
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-2.70% / 84.09%
||
7 Day CHG~0.00%
Published-23 Nov, 2009 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

main/streams/plain_wrapper.c in PHP 5.3.x before 5.3.1 does not recognize the safe_mode_include_dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform include or require operations, as demonstrated by a script that attempts to perform a require_once on a file in a standard library directory. NOTE: a reliable third party reports that this is not a vulnerability, because it results in a more restrictive security policy.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2019-13224
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.05% / 89.39%
||
7 Day CHG~0.00%
Published-10 Jul, 2019 | 13:50
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust.

Action-Not Available
Vendor-oniguruma_projectn/aCanonical Ltd.Fedora ProjectThe PHP GroupDebian GNU/Linux
Product-ubuntu_linuxphponigurumadebian_linuxfedoran/a
CWE ID-CWE-416
Use After Free
CVE-2008-5625
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.31% / 93.63%
||
7 Day CHG~0.00%
Published-17 Dec, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log" entry in a .htaccess file.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2015-8835
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.19% / 92.64%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a denial of service (NULL pointer dereference, type confusion, and application crash) or possibly execute arbitrary code via crafted serialized data representing a numerically indexed _cookies array, related to the SoapClient::__call method in ext/soap/soap.c.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2008-3658
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.85% / 93.25%
||
7 Day CHG~0.00%
Published-15 Aug, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2002-0717
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.95% / 95.35%
||
7 Day CHG~0.00%
Published-23 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2008-0145
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 81.27%
||
7 Day CHG~0.00%
Published-08 Jan, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2019-11043
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-8.7||HIGH
EPSS-99.47% / 99.94%
||
7 Day CHG~0.00%
Published-28 Oct, 2019 | 14:19
Updated-03 Nov, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||Apply updates per vendor instructions.
Underflow in PHP-FPM can lead to RCE

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Action-Not Available
Vendor-Canonical Ltd.Tenable, Inc.Red Hat, Inc.The PHP GroupFedora ProjectDebian GNU/Linux
Product-enterprise_linux_for_ibm_z_systemsenterprise_linuxenterprise_linux_serverenterprise_linux_eusubuntu_linuxenterprise_linux_for_power_little_endianphpenterprise_linux_desktoptenable.scenterprise_linux_eus_compute_nodeenterprise_linux_for_arm_64_eusenterprise_linux_for_power_big_endian_eussoftware_collectionsdebian_linuxenterprise_linux_server_ausenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_server_tusenterprise_linux_for_arm_64fedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationPHPFastCGI Process Manager (FPM)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2007-5424
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.69% / 74.26%
||
7 Day CHG~0.00%
Published-12 Oct, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2019-11037
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-4.9||MEDIUM
EPSS-1.97% / 78.02%
||
7 Day CHG~0.00%
Published-03 May, 2019 | 19:28
Updated-16 Sep, 2024 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Out of bounds memory write in PHP Imagick extension

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Action-Not Available
Vendor-The PHP Group
Product-imagickPHP Imagick extension
CWE ID-CWE-787
Out-of-bounds Write
CVE-2015-4025
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-20.23% / 97.15%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unexpected names via a crafted argument to (1) set_include_path, (2) tempnam, (3) rmdir, or (4) readlink. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.

Action-Not Available
Vendor-n/aApple Inc.Red Hat, Inc.The PHP Group
Product-phpmac_os_xenterprise_linux_serverenterprise_linux_workstationenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_hpc_nodeenterprise_linuxenterprise_linux_hpc_node_eusn/a
CVE-2007-4659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.27% / 86.89%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-4596
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.78% / 93.92%
||
7 Day CHG~0.00%
Published-30 Aug, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-3997
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.82% / 96.06%
||
7 Day CHG~0.00%
Published-04 Sep, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2019-11049
Matching Score-8
Assigner-PHP Group
ShareView Details
Matching Score-8
Assigner-PHP Group
CVSS Score-6.5||MEDIUM
EPSS-4.22% / 89.78%
||
7 Day CHG+0.11%
Published-23 Dec, 2019 | 02:40
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mail() may release string with refcount==1 twice

In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplying custom headers to mail() function, due to mistake introduced in commit 78f4b4a2dcf92ddbccea1bb95f8390a18ac3342e, if the header is supplied in lowercase, this can result in double-freeing certain memory locations.

Action-Not Available
Vendor-The PHP GroupDebian GNU/LinuxTenable, Inc.Fedora ProjectMicrosoft Corporation
Product-phpdebian_linuxfedorawindowssecuritycenterPHP
CWE ID-CWE-415
Double Free
CVE-2007-4033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.66% / 96.92%
||
7 Day CHG~0.00%
Published-27 Jul, 2007 | 22:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

Action-Not Available
Vendor-t1libn/aThe PHP Group
Product-t1libphpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-3294
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.39% / 94.80%
||
7 Day CHG~0.00%
Published-20 Jun, 2007 | 21:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unspecified vector to the tidy_repair_string function. NOTE: this might only be an issue in environments where vsnprintf is implemented as a wrapper for vsprintf.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.52% / 94.86%
||
7 Day CHG~0.00%
Published-14 Mar, 2007 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes filter to write a null byte in whitespace that precedes the buffer.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2002-1396
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.65% / 88.23%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2003-0166
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.12% / 96.13%
||
7 Day CHG~0.00%
Published-27 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1825
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.38% / 95.17%
||
7 Day CHG~0.00%
Published-02 Apr, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2003-0172
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.00% / 96.96%
||
7 Day CHG~0.00%
Published-29 Mar, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1413
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.09% / 95.39%
||
7 Day CHG~0.00%
Published-12 Mar, 2007 | 23:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-1887
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.75% / 90.79%
||
7 Day CHG~0.00%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by calling the sqlite_udf_decode_binary function with a 0x01 character.

Action-Not Available
Vendor-n/aCanonical Ltd.The PHP GroupDebian GNU/Linux
Product-debian_linuxubuntu_linuxphpn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2007-1777
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-15.33% / 96.38%
||
7 Day CHG~0.00%
Published-30 Mar, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, triggering a heap overflow.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1888
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.49% / 87.70%
||
7 Day CHG~0.00%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1890
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-7.84% / 93.96%
||
7 Day CHG~0.00%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1700
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.02% / 94.65%
||
7 Day CHG~0.00%
Published-27 Mar, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CVE-2007-1889
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.09% / 86.11%
||
7 Day CHG~0.00%
Published-06 Apr, 2007 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 16
  • 17
  • Next
Details not found