PHP Group — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting PHP Group. AI-powered Chinese analysis, POCs, and references for each vulnerability.

PHP Group operates as a prominent developer of open-source software, primarily known for creating the PHP scripting language and related web development tools. With 78 recorded Common Vulnerabilities and Exposures, the organization’s codebase has historically been susceptible to critical security flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues often stem from improper input validation and memory management errors within legacy components. While PHP Group actively maintains a security advisory process to patch identified weaknesses, the sheer volume of disclosed CVEs highlights the complexity of securing widely adopted, legacy-heavy infrastructure. The organization’s response to major incidents typically involves rapid security updates and detailed advisories, aiming to mitigate risks for the extensive global community of developers relying on its technologies for web application deployment.

Top products by PHP Group: PHP, PHP Imagick extension

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2020-7070 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | PHP | CWE-20 | 4.3 | Medium | 2020-10-02 |
| CVE-2020-7069 | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | PHP | CWE-20 | 5.4 | Medium | 2020-10-02 |
| CVE-2020-7068 | Use of freed hash key in the phar_parse_zipfile function | PHP | CWE-416 | 4.8 | Medium | 2020-09-09 |
| CVE-2019-11048 | Temporary files are not cleaned after OOM when parsing HTTP request data | PHP | CWE-400 | 5.3 | Medium | 2020-05-20 |
| CVE-2020-7067 | OOB Read in urldecode() | PHP | CWE-125 | 7.5 | High | 2020-04-27 |
| CVE-2020-7065 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full | PHP | CWE-121 | 7.4 | High | 2020-04-01 |
| CVE-2020-7066 | get_headers() silently truncates after a null byte | PHP | CWE-170 | 5.3 | Medium | 2020-04-01 |
| CVE-2020-7064 | Use-of-uninitialized-value in exif | PHP | CWE-125 | 6.5 | Medium | 2020-04-01 |
| CVE-2020-7063 | Files added to tar with Phar::buildFromIterator have all-access permissions | PHP | CWE-281 | 5.5 | Medium | 2020-02-27 |
| CVE-2020-7062 | Null Pointer Dereference in PHP Session Upload Progress | PHP | CWE-476 | 7.5 | High | 2020-02-27 |
| CVE-2020-7061 | heap-buffer-overflow in phar_extract_file | PHP | CWE-125 | 6.5 | Medium | 2020-02-27 |
| CVE-2020-7060 | global buffer-overflow in mbfl_filt_conv_big5_wchar | PHP | CWE-125 | 6.5 | Medium | 2020-02-10 |
| CVE-2020-7059 | OOB read in php_strip_tags_ex | PHP | CWE-125 | 6.5 | Medium | 2020-02-10 |
| CVE-2019-11050 | Use-after-free in exif parsing under memory sanitizer | PHP | CWE-125 | 4.8 | Medium | 2019-12-23 |
| CVE-2019-11046 | Buffer underflow in bc_shift_addsub | PHP | CWE-125 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11047 | Heap-buffer-overflow READ in exif | PHP | CWE-125 | 4.8 | Medium | 2019-12-23 |
| CVE-2019-11049 | mail() may release string with refcount==1 twice | PHP | CWE-415 | 6.5 | Medium | 2019-12-23 |
| CVE-2019-11045 | DirectoryIterator class silently truncates after a null byte | PHP | CWE-170 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11044 | link() silently truncates after a null byte on Windows | PHP | CWE-170 | 3.7 | Low | 2019-12-23 |
| CVE-2019-11042 | heap-buffer-overflow on exif_process_user_comment in EXIF extension | PHP | CWE-125 | 7.1 | - | 2019-08-09 |
| CVE-2019-11041 | heap-buffer-overflow on exif_scan_thumbnail in EXIF extension | PHP | CWE-125 | 7.1 | - | 2019-08-09 |
| CVE-2019-11040 | Heap buffer overflow in EXIF extension | PHP | CWE-125 | 7.1 | - | 2019-06-18 |
| CVE-2019-11039 | Out-of-bounds read in iconv.c | PHP | CWE-125 | 9.1 | - | 2019-06-18 |
| CVE-2019-11038 | Uninitialized read in gdImageCreateFromXbm | PHP | CWE-457 | 5.3 | - | 2019-06-18 |
| CVE-2019-11037 | Out of bounds memory write in PHP Imagick extension | PHP Imagick extension | CWE-787 | 9.8 | - | 2019-05-03 |
| CVE-2019-11036 | Heap over-read in PHP EXIF extension | PHP | CWE-126 | 9.1 | - | 2019-05-03 |
| CVE-2019-11034 | Heap over-read in PHP EXIF extension | PHP | CWE-125 | 9.1 | - | 2019-04-18 |
| CVE-2019-11035 | Heap over-read in PHP EXIF extension | PHP | CWE-125 | 9.1 | - | 2019-04-18 |

This page lists every published CVE security advisory associated with PHP Group. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.