PHP Product Vulnerability List / Chinese-Language CVE Analysis (90)

90 vulnerabilities related to PHP products, with AI-generated Chinese titles and summaries, CVSS scores, and POCs gathered in one place.

Vendor: PHP

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-8926 | PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) | CWE-78 | 8.1 | High | 2024-10-08 |
| CVE-2024-8925 | Erroneous parsing of multipart form data | | 3.1 | Low | 2024-10-08 |
| CVE-2024-2408 | PHP is vulnerable to the Marvin Attack | | 8.1 | - | 2024-06-09 |
| CVE-2024-4577 | Argument Injection in PHP-CGI | CWE-78 | 9.8 | Critical | 2024-06-09 |
| CVE-2024-5585 | Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) | CWE-116 | 7.7 | High | 2024-06-09 |
| CVE-2024-5458 | Filter bypass in filter_var (FILTER_VALIDATE_URL) | | 5.3 | Medium | 2024-06-09 |
| CVE-2024-1874 | Command injection via array-ish $command parameter of proc_open() | CWE-116 | 9.4 | Critical | 2024-04-29 |
| CVE-2024-2757 | PHP mb_encode_mimeheader runs endlessly for some inputs | | 7.5 | High | 2024-04-29 |
| CVE-2024-3096 | PHP function password_verify can erroneously return true when argument contains NUL | CWE-20 | 6.5 | Medium | 2024-04-29 |
| CVE-2024-2756 | __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix | CWE-20 | 6.5 | Medium | 2024-04-29 |
| CVE-2022-4900 | Potential buffer overflow in php_cli_server_startup_workers | CWE-119 | 6.2 | Medium | 2023-11-02 |
| CVE-2023-3824 | Buffer overflow and overread in phar_dir_read() | CWE-119 | 9.4 | Critical | 2023-08-11 |
| CVE-2023-3823 | Security issue with external entity loading in XML without enabling it | | 8.6 | High | 2023-08-11 |
| CVE-2023-3247 | Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP | CWE-252 | 2.6 | Low | 2023-07-22 |
| CVE-2023-0568 | Array overrun in common path resolve code | CWE-131 | 7.5 | High | 2023-02-16 |
| CVE-2023-0662 | DoS vulnerability when parsing multipart request body | CWE-400 | 7.5 | High | 2023-02-16 |
| CVE-2023-0567 | password_verify() always returns true for some invalid hashes | | 7.7 | High | 2023-02-16 |
| CVE-2022-31630 | OOB read due to insufficient input validation in imageloadfont() | CWE-131 | 6.5 | Medium | 2022-11-14 |
| CVE-2022-31629 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities | CWE-20 | 6.5 | - | 2022-09-28 |
| CVE-2022-31628 | phar wrapper can occur dos when using quine gzip file | CWE-674 | 2.3 | Low | 2022-09-28 |
| CVE-2022-31627 | Heap buffer overflow in finfo_buffer | CWE-590 | 7.7 | High | 2022-07-28 |
| CVE-2022-31626 | mysqlnd/pdo password buffer overflow | CWE-120 | 7.5 | High | 2022-06-16 |
| CVE-2022-31625 | Freeing unallocated memory in php_pgsql_free_params() | CWE-590 | 8.1 | High | 2022-06-16 |
| CVE-2021-21708 | UAF due to php_filter_float() failing | CWE-416 | 8.2 | High | 2022-02-27 |
| CVE-2021-21707 | Special characters break path parsing in XML functions | CWE-159 | 5.3 | Medium | 2021-11-29 |
| CVE-2021-21703 | PHP-FPM memory access in root process leading to privilege escalation | CWE-787 | 7.8 | High | 2021-10-25 |
| CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir | CWE-24 | 5.3 | Medium | 2021-10-04 |
| CVE-2021-21705 | Incorrect URL validation in FILTER_VALIDATE_URL | CWE-20 | 4.3 | Medium | 2021-10-04 |
| CVE-2021-21704 | Multiple vulnerabilities in Firebird client extension | CWE-125 | 5.0 | Medium | 2021-10-04 |
| CVE-2021-21702 | Null Dereference in SoapClient | CWE-476 | 5.3 | Medium | 2021-02-15 |

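A total of 90 CVE vulnerabilities have been published for PHP products. This page provides the complete list in reverse chronological order, including CVSS, CWE, AI-generated Chinese summaries, and available POC links.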