PHP Group — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting PHP Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHP Group operates as a prominent developer of open-source software, primarily known for creating the PHP scripting language and related web development tools. With 78 recorded Common Vulnerabilities and Exposures, the organization’s codebase has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and memory management errors within legacy components. While PHP Group actively maintains a security advisory process to patch identified weaknesses, the sheer volume of disclosed CVEs highlights the complexity of securing widely adopted, legacy-heavy infrastructure. The organization’s response to major incidents typically involves rapid security updates and detailed advisories, aiming to mitigate risks for the extensive global community of developers relying on its technologies for web application deployment.

Top products by PHP Group: PHP, PHP Imagick extension

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-8926 | PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) — PHP (CWE-78) | 8.1 | High | 2024-10-08 |
| CVE-2024-8925 | Erroneous parsing of multipart form data — PHP | 3.1 | Low | 2024-10-08 |
| CVE-2024-2408 | PHP is vulnerable to the Marvin Attack — PHP | 8.1 | - | 2024-06-09 |
| CVE-2024-4577 | Argument Injection in PHP-CGI — PHP (CWE-78) | 9.8 | Critical | 2024-06-09 |
| CVE-2024-5585 | Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix) — PHP (CWE-116) | 7.7 | High | 2024-06-09 |
| CVE-2024-5458 | Filter bypass in filter_var (FILTER_VALIDATE_URL) — PHP | 5.3 | Medium | 2024-06-09 |
| CVE-2024-1874 | Command injection via array-ish $command parameter of proc_open() — PHP (CWE-116) | 9.4 | Critical | 2024-04-29 |
| CVE-2024-2757 | PHP mb_encode_mimeheader runs endlessly for some inputs — PHP | 7.5 | High | 2024-04-29 |
| CVE-2024-3096 | PHP function password_verify can erroneously return true when argument contains NUL — PHP (CWE-20) | 6.5 | Medium | 2024-04-29 |
| CVE-2024-2756 | __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix — PHP (CWE-20) | 6.5 | Medium | 2024-04-29 |
| CVE-2023-3824 | Buffer overflow and overread in phar_dir_read() — PHP (CWE-119) | 9.4 | Critical | 2023-08-11 |
| CVE-2023-3823 | Security issue with external entity loading in XML without enabling it — PHP | 8.6 | High | 2023-08-11 |
| CVE-2023-3247 | Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP — PHP (CWE-252) | 2.6 | Low | 2023-07-22 |
| CVE-2023-0568 | Array overrun in common path resolve code — PHP (CWE-131) | 7.5 | High | 2023-02-16 |
| CVE-2023-0662 | DoS vulnerability when parsing multipart request body — PHP (CWE-400) | 7.5 | High | 2023-02-16 |
| CVE-2023-0567 | password_verify() always returns true for some invalid hashes — PHP | 7.7 | High | 2023-02-16 |
| CVE-2022-31630 | OOB read due to insufficient input validation in imageloadfont() — PHP (CWE-131) | 6.5 | Medium | 2022-11-14 |
| CVE-2022-31629 | $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities — PHP (CWE-20) | 6.5 | - | 2022-09-28 |
| CVE-2022-31628 | phar wrapper can occur dos when using quine gzip file — PHP (CWE-674) | 2.3 | Low | 2022-09-28 |
| CVE-2022-31627 | Heap buffer overflow in finfo_buffer — PHP (CWE-590) | 7.7 | High | 2022-07-28 |
| CVE-2022-31626 | mysqlnd/pdo password buffer overflow — PHP (CWE-120) | 7.5 | High | 2022-06-16 |
| CVE-2022-31625 | Freeing unallocated memory in php_pgsql_free_params() — PHP (CWE-590) | 8.1 | High | 2022-06-16 |
| CVE-2021-21708 | UAF due to php_filter_float() failing — PHP (CWE-416) | 8.2 | High | 2022-02-27 |
| CVE-2021-21707 | Special characters break path parsing in XML functions — PHP (CWE-159) | 5.3 | Medium | 2021-11-29 |
| CVE-2021-21703 | PHP-FPM memory access in root process leading to privilege escalation — PHP (CWE-787) | 7.8 | High | 2021-10-25 |
| CVE-2021-21706 | ZipArchive::extractTo may extract outside of destination dir — PHP (CWE-24) | 5.3 | Medium | 2021-10-04 |
| CVE-2021-21705 | Incorrect URL validation in FILTER_VALIDATE_URL — PHP (CWE-20) | 4.3 | Medium | 2021-10-04 |
| CVE-2021-21704 | Multiple vulnerabilities in Firebird client extension — PHP (CWE-125) | 5.0 | Medium | 2021-10-04 |
| CVE-2021-21702 | Null Dereference in SoapClient — PHP (CWE-476) | 5.3 | Medium | 2021-02-15 |
| CVE-2020-7071 | FILTER_VALIDATE_URL accepts URLs with invalid userinfo — PHP (CWE-20) | 5.3 | Medium | 2021-02-15 |

This page lists every published CVE security advisory associated with PHP Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.