PHP — Vulnerabilities & Security Advisories (90)

All 90 CVE vulnerabilities found in PHP, with AI-generated Chinese analysis, references, and POCs.

Vendor: PHP

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2020-7071 | FILTER_VALIDATE_URL accepts URLs with invalid userinfo | CWE-20 | 5.3 | Medium | 2021-02-15 |
| CVE-2020-7070 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | CWE-20 | 4.3 | Medium | 2020-10-02 |
| CVE-2020-7069 | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | CWE-20 | 5.4 | Medium | 2020-10-02 |
| CVE-2020-7068 | Use of freed hash key in the phar_parse_zipfile function | CWE-416 | 4.8 | Medium | 2020-09-09 |
| CVE-2019-11048 | Temporary files are not cleaned after OOM when parsing HTTP request data | CWE-400 | 5.3 | Medium | 2020-05-20 |
| CVE-2020-7067 | OOB Read in urldecode() | CWE-125 | 7.5 | High | 2020-04-27 |
| CVE-2020-7066 | get_headers() silently truncates after a null byte | CWE-170 | 5.3 | Medium | 2020-04-01 |
| CVE-2020-7065 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full | CWE-121 | 7.4 | High | 2020-04-01 |
| CVE-2020-7064 | Use-of-uninitialized-value in exif | CWE-125 | 6.5 | Medium | 2020-04-01 |
| CVE-2020-7063 | Files added to tar with Phar::buildFromIterator have all-access permissions | CWE-281 | 5.5 | Medium | 2020-02-27 |
| CVE-2020-7062 | Null Pointer Dereference in PHP Session Upload Progress | CWE-476 | 7.5 | High | 2020-02-27 |
| CVE-2020-7061 | heap-buffer-overflow in phar_extract_file | CWE-125 | 6.5 | Medium | 2020-02-27 |
| CVE-2014-3622 | PHP Posthandler resource management error vulnerability | | 9.8 | - | 2020-02-19 |
| CVE-2020-7060 | global buffer-overflow in mbfl_filt_conv_big5_wchar | CWE-125 | 6.5 | Medium | 2020-02-10 |
| CVE-2020-7059 | OOB read in php_strip_tags_ex | CWE-125 | 6.5 | Medium | 2020-02-10 |
| CVE-2019-11050 | Use-after-free in exif parsing under memory sanitizer | CWE-125 | 4.8 | Medium | 2019-12-23 |
| CVE-2019-11049 | mail() may release string with refcount==1 twice | CWE-415 | 6.5 | Medium | 2019-12-23 |
| CVE-2019-11047 | Heap-buffer-overflow READ in exif | CWE-125 | 4.8 | Medium | 2019-12-23 |
| CVE-2019-11046 | Buffer underflow in bc_shift_addsub | CWE-125 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11045 | DirectoryIterator class silently truncates after a null byte | CWE-170 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11044 | link() silently truncates after a null byte on Windows | CWE-170 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11043 | Underflow in PHP-FPM can lead to RCE | CWE-120 | 8.7 | High | 2019-10-28 |
| CVE-2019-11042 | heap-buffer-overflow on exif_process_user_comment in EXIF extension | CWE-125 | 7.1 | - | 2019-08-09 |
| CVE-2019-11041 | heap-buffer-overflow on exif_scan_thumbnail in EXIF extension | CWE-125 | 7.1 | - | 2019-08-09 |
| CVE-2019-11040 | Heap buffer overflow in EXIF extension | CWE-125 | 7.1 | - | 2019-06-18 |
| CVE-2019-11039 | Out-of-bounds read in iconv.c | CWE-125 | 9.1 | - | 2019-06-18 |
| CVE-2019-11038 | Uninitialized read in gdImageCreateFromXbm | CWE-457 | 5.3 | - | 2019-06-18 |
| CVE-2019-11036 | Heap over-read in PHP EXIF extension | CWE-126 | 9.1 | - | 2019-05-03 |
| CVE-2019-11035 | Heap over-read in PHP EXIF extension | CWE-125 | 9.1 | - | 2019-04-18 |
| CVE-2019-11034 | Heap over-read in PHP EXIF extension | CWE-125 | 9.1 | - | 2019-04-18 |

All 90 known CVE vulnerabilities affecting PHP with full Chinese analysis, references, and POCs where available.