SB2018103061 - Multiple vulnerabilities in PHP




Published: October 30, 2018 Updated: June 13, 2025

Security Bulletin ID: SB2018103061
Severity: High
Patch available: YES
Number of vulnerabilities: 78
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 12%, Medium: 72%, Low: 17%

Description

This security bulletin contains information about 78 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2010-4409)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.


2) Cross-site scripting (CVE-ID: CVE-2009-5016)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data when processing data passed via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


3) Cross-site scripting (CVE-ID: CVE-2009-4142)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special character.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


4) Input validation error (CVE-ID: CVE-2009-4143)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.


5) Input validation error (CVE-ID: CVE-2009-2626)

The vulnerability allows a remote non-authenticated attacker to read memory contents or crash the application.

The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a variable, then using the ini_restore function to restore the variable.


6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2009-4018)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute programs with an arbitrary environment via the env parameter, as demonstrated by a crafted value of the LD_LIBRARY_PATH environment variable.


7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2009-3557)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.


8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2009-3558)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file. Access Complexity was rated medium based on the X-Force entry regarding enabling the "open_basedir" option: http://xforce.iss.net/xforce/xfdb/53568


9) Input validation error (CVE-ID: CVE-2009-3291)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The php_openssl_apply_verification_policy function in PHP before 5.2.11 does not properly perform certificate validation, which has unknown impact and attack vectors, probably related to an ability to spoof certificates.


10) Input validation error (CVE-ID: CVE-2009-3292)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to "missing sanity checks around exif processing."


11) Input validation error (CVE-ID: CVE-2009-3293)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."


12) Input validation error (CVE-ID: CVE-2008-7068)

The vulnerability allows context-dependent attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (file truncation) via a key with the NULL byte.


13) Cross-site scripting (CVE-ID: CVE-2008-5814)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

An input validation error exists in PHP, possibly 5.2.7 and earlier, when display_errors is enabled. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


14) Input validation error (CVE-ID: CVE-2008-4107)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by the password-reset functionality in Joomla! 1.5.x and WordPress before 2.6.2, a different vulnerability than CVE-2008-2107, CVE-2008-2108, and CVE-2008-4102. Download the latest version of PHP to fix this vulnerability: http://www.php.net/downloads.php


15) Input validation error (CVE-ID: CVE-2007-4658)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.


16) Link following (CVE-ID: CVE-2007-4652)

The vulnerability allows a local user to read and manipulate data.

The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.


17) Input validation error (CVE-ID: CVE-2007-3799)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the session_id function, and (3) the session_start function, which are not encoded or filtered when the new session cookie is generated, a related issue to CVE-2006-0207.


18) Input validation error (CVE-ID: CVE-2007-2844)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.


19) Input validation error (CVE-ID: CVE-2007-2727)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys.


20) Input validation error (CVE-ID: CVE-2007-2509)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2 allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands.


21) Buffer overflow (CVE-ID: CVE-2007-2510)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.


22) Input validation error (CVE-ID: CVE-2007-2511)

The vulnerability allows a local user to execute arbitrary code.

Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.


23) Input validation error (CVE-ID: CVE-2007-1883)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain convert_to_* functions with its input parameters.


24) Input validation error (CVE-ID: CVE-2007-1884)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the php_formatted_print function because of 64 to 32 bit truncation, and bypass a check for the maximum allowable value; and (2) a width and precision of -1, which make it possible for the php_sprintf_appendstring function to place an internal buffer at an arbitrary memory location.


25) Input validation error (CVE-ID: CVE-2007-1885)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows a 32 bit length counter. NOTE: this is probably the same issue as CVE-2007-0906.6.


26) Input validation error (CVE-ID: CVE-2007-1888)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.


27) Input validation error (CVE-ID: CVE-2007-1890)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff.


28) Input validation error (CVE-ID: CVE-2007-1001)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP) images with large width or height values.


29) Input validation error (CVE-ID: CVE-2007-1835)

The vulnerability allows a local user to read and manipulate data.

PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.


30) Input validation error (CVE-ID: CVE-2007-1825)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue might be subsumed by CVE-2007-0906.3.


31) Heap-based buffer overflow (CVE-ID: CVE-2007-1777)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error caused by an integer overflow in the zip_read_entry function in PHP 4 before 4.4.5. A remote attacker can use a ZIP archive that contains an entry with a length value of 0xffffffff to trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


32) Input validation error (CVE-ID: CVE-2007-1717)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NOTE: this issue might be security-relevant in cases when the trailing contents of e-mail messages are important, such as logging information or if the message is expected to be well-formed.


33) Input validation error (CVE-ID: CVE-2007-1718)

The vulnerability allows a remote non-authenticated attacker to manipulate data.

CRLF injection vulnerability in the mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows remote attackers to inject arbitrary e-mail headers and possibly conduct spam attacks via a control character immediately following folding of the (1) Subject or (2) To parameter, as demonstrated by a parameter containing a " " sequence, related to an increment bug in the SKIP_LONG_HEADER_SEP macro.


34) Input validation error (CVE-ID: CVE-2007-1700)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the session_register after unsetting HTTP_SESSION_VARS and _SESSION, which destroys the session data Hashtable.


35) Input validation error (CVE-ID: CVE-2007-1582)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error handler, which can be used to destroy and modify internal resources.


36) Input validation error (CVE-ID: CVE-2007-1583)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.


37) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-1460)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.


38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2007-1461)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended directories.


39) Input validation error (CVE-ID: CVE-2007-1396)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritten, which allows remote attackers to spoof source IP address and Referer data, and have other unspecified impact. NOTE: it could be argued that this is a design limitation of PHP and that only the misuse of this feature, i.e. implementation bugs in applications, should be included in CVE. However, it has been fixed by the vendor.


40) Input validation error (CVE-ID: CVE-2007-1376)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associated with an inappropriate resource, as demonstrated by a GD Image resource.


41) Input validation error (CVE-ID: CVE-2007-1378)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.


42) Input validation error (CVE-ID: CVE-2007-1379)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.


43) Input validation error (CVE-ID: CVE-2007-1380)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, which triggers a buffer over-read.


44) Input validation error (CVE-ID: CVE-2007-0905)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.


45) Input validation error (CVE-ID: CVE-2007-0906)

The vulnerability allows attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and (10) ibase_modify_user functions. NOTE: vector 6 might actually be an integer overflow (CVE-2007-1885).


46) Input validation error (CVE-ID: CVE-2007-0907)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.


47) Input validation error (CVE-ID: CVE-2007-0909)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.


48) Input validation error (CVE-ID: CVE-2007-0910)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.


49) Code Injection (CVE-ID: CVE-2006-4812)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).


50) Race condition (CVE-ID: CVE-2006-5178)

The vulnerability allows a local user to execute arbitrary code.

Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.


51) Input validation error (CVE-ID: CVE-2006-4625)

The vulnerability allows a local user to read and manipulate data.

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.


52) Input validation error (CVE-ID: CVE-2006-4433)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file. NOTE: it could be argued that this is not a vulnerability in PHP itself, rather a design limitation that enables certain attacks against session handlers that do not account for this limitation.


53) Input validation error (CVE-ID: CVE-2006-4020)

The vulnerability allows a local user to read and manipulate data.

scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.


54) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2006-3011)

The vulnerability allows a local user to read and manipulate data.

The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.


55) Path traversal (CVE-ID: CVE-2006-1494)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in file.c in PHP 4.4.2 and 5.1.2, which allows local users to bypass open_basedir restrictions. A remote authenticated attacker can send a specially crafted HTTP request to create files in arbitrary directories via the tempnam function.


56) Input validation error (CVE-ID: CVE-2006-1608)

The vulnerability allows a local user to gain access to sensitive information.

The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.


57) Input validation error (CVE-ID: CVE-2006-1490)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.


58) Input validation error (CVE-ID: CVE-2006-1015)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.


59) Input validation error (CVE-ID: CVE-2006-1017)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 does not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allows remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.


60) Input validation error (CVE-ID: CVE-2005-3883)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.


61) Cross-site scripting (CVE-ID: CVE-2005-3388)

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

An input validation error exists in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the victim's browser in the security context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


62) Input validation error (CVE-ID: CVE-2005-3389)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.


63) Input validation error (CVE-ID: CVE-2005-3390)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.


64) Input validation error (CVE-ID: CVE-2005-3391)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.


65) Input validation error (CVE-ID: CVE-2005-3392)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.


66) Input validation error (CVE-ID: CVE-2005-3319)

The vulnerability allows a local user to perform service disruption.

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.


67) Input validation error (CVE-ID: CVE-2004-1019)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.


68) Input validation error (CVE-ID: CVE-2004-1065)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.


69) Cross-site scripting (CVE-ID: CVE-2004-0595)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. The vulnerability allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


70) Input validation error (CVE-ID: CVE-2003-0860)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.


71) Input validation error (CVE-ID: CVE-2003-0861)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.


72) Input validation error (CVE-ID: CVE-2003-0166)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer signedness error in the emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.


73) Input validation error (CVE-ID: CVE-2002-1396)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.


74) Input validation error (CVE-ID: CVE-2002-1783)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected into arguments that are passed to the (1) fopen or (2) file functions.


75) Input validation error (CVE-ID: CVE-2002-2215)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service via an e-mail message with a large number of "To" addresses, which triggers an error in the rfc822_write_address function.


76) Resource management error (CVE-ID: CVE-2002-2309)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.


77) Input validation error (CVE-ID: CVE-2002-0986)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."


78) Input validation error (CVE-ID: CVE-2002-0484)

The vulnerability allows a remote non-authenticated attacker to corrupt data.

move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.


Remediation

Install update from vendor's website.
