
PHP Group — Vulnerabilities & Security Advisories 78

Browse all 78 CVE security advisories affecting PHP Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top 10 Products PHP Group: PHP, PHP Imagick extension
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-3824 | Buffer overflow and overread in phar_dir_read() — PHP | CWE-119 | 9.4 | Critical | 2023-08-11 |
| CVE-2023-3823 | Security issue with external entity loading in XML without enabling it — PHP | | 8.6 | High | 2023-08-11 |
| CVE-2023-3247 | Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP — PHP | CWE-252 | 2.6 | Low | 2023-07-22 |
| CVE-2023-0568 | Array overrun in common path resolve code — PHP | CWE-131 | 7.5 | High | 2023-02-16 |
| CVE-2023-0662 | DoS vulnerability when parsing multipart request body — PHP | CWE-400 | 7.5 | High | 2023-02-16 |
| CVE-2023-0567 | password_verify() always returns true for some invalid hashes — PHP | | 7.7 | High | 2023-02-16 |
| CVE-2022-31630 | OOB read due to insufficient input validation in imageloadfont() — PHP | CWE-131 | 6.5 | Medium | 2022-11-14 |
| CVE-2022-31629 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities — PHP | CWE-20 | 6.5 | - | 2022-09-28 |
| CVE-2022-31628 | phar wrapper can occur dos when using quine gzip file — PHP | CWE-674 | 2.3 | Low | 2022-09-28 |
| CVE-2022-31627 | Heap buffer overflow in finfo_buffer — PHP | CWE-590 | 7.7 | High | 2022-07-28 |
| CVE-2022-31626 | mysqlnd/pdo password buffer overflow — PHP | CWE-120 | 7.5 | High | 2022-06-16 |
| CVE-2022-31625 | Freeing unallocated memory in php_pgsql_free_params() — PHP | CWE-590 | 8.1 | High | 2022-06-16 |
| CVE-2021-21708 | UAF due to php_filter_float() failing — PHP | CWE-416 | 8.2 | High | 2022-02-27 |
| CVE-2021-21707 | Special characters break path parsing in XML functions — PHP | CWE-159 | 5.3 | Medium | 2021-11-29 |
| CVE-2021-21703 | PHP-FPM memory access in root process leading to privilege escalation — PHP | CWE-787 | 7.8 | High | 2021-10-25 |
| CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir — PHP | CWE-24 | 5.3 | Medium | 2021-10-04 |
| CVE-2021-21705 | Incorrect URL validation in FILTER_VALIDATE_URL — PHP | CWE-20 | 4.3 | Medium | 2021-10-04 |
| CVE-2021-21704 | Multiple vulnerabilities in Firebird client extension — PHP | CWE-125 | 5.0 | Medium | 2021-10-04 |
| CVE-2021-21702 | Null Dereference in SoapClient — PHP | CWE-476 | 5.3 | Medium | 2021-02-15 |
| CVE-2020-7071 | FILTER_VALIDATE_URL accepts URLs with invalid userinfo — PHP | CWE-20 | 5.3 | Medium | 2021-02-15 |
| CVE-2020-7070 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent — PHP | CWE-20 | 4.3 | Medium | 2020-10-02 |
| CVE-2020-7069 | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV — PHP | CWE-20 | 5.4 | Medium | 2020-10-02 |
| CVE-2020-7068 | Use of freed hash key in the phar_parse_zipfile function — PHP | CWE-416 | 4.8 | Medium | 2020-09-09 |
| CVE-2019-11048 | Temporary files are not cleaned after OOM when parsing HTTP request data — PHP | CWE-400 | 5.3 | Medium | 2020-05-20 |
| CVE-2020-7067 | OOB Read in urldecode() — PHP | CWE-125 | 7.5 | High | 2020-04-27 |
| CVE-2020-7066 | get_headers() silently truncates after a null byte — PHP | CWE-170 | 5.3 | Medium | 2020-04-01 |
| CVE-2020-7065 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full — PHP | CWE-121 | 7.4 | High | 2020-04-01 |
| CVE-2020-7064 | Use-of-uninitialized-value in exif — PHP | CWE-125 | 6.5 | Medium | 2020-04-01 |
| CVE-2020-7063 | Files added to tar with Phar::buildFromIterator have all-access permissions — PHP | CWE-281 | 5.5 | Medium | 2020-02-27 |
| CVE-2020-7061 | heap-buffer-overflow in phar_extract_file — PHP | CWE-125 | 6.5 | Medium | 2020-02-27 |

This page lists every published CVE security advisory associated with PHP Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.