Vulnerabilities (CVE)

Filtered by vendor Php Subscribe
Total 744 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2002-0229 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attackers with access to the MySQL database to bypass Safe Mode access restrictions and read arbitrary files using "LOAD DATA INFILE LOCAL" SQL statements.
CVE-2002-1396 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2000-0967 1 Php 1 Php 2025-04-03 10.0 HIGH N/A
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
CVE-2002-1954 1 Php 1 Php 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
CVE-2006-1558 1 Php 1 Php Script Index 2025-04-03 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2002-0121 1 Php 1 Php 2025-04-03 2.1 LOW N/A
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
CVE-2001-0108 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2025-04-03 5.0 MEDIUM N/A
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
CVE-2006-1991 1 Php 1 Php 2025-04-03 6.4 MEDIUM N/A
The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument.
CVE-2004-1065 4 Openpkg, Php, Trustix and 1 more 4 Openpkg, Php, Secure Linux and 1 more 2025-04-03 10.0 HIGH N/A
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
CVE-2002-0081 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
CVE-2006-4020 1 Php 1 Php 2025-04-03 4.6 MEDIUM N/A
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
CVE-2006-4485 1 Php 1 Php 2025-04-03 10.0 HIGH N/A
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
CVE-2005-3353 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
CVE-2005-3883 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.
CVE-2003-0860 1 Php 1 Php 2025-04-03 10.0 HIGH N/A
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
CVE-2003-0863 1 Php 1 Php 2025-04-03 7.5 HIGH N/A
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications.
CVE-2001-1385 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2025-04-03 5.0 MEDIUM N/A
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
CVE-2005-0524 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.
CVE-2004-1020 1 Php 1 Php 2025-04-03 5.0 MEDIUM N/A
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2004-0959 1 Php 1 Php 2025-04-03 2.1 LOW N/A
rfc1867.c in PHP before 5.0.2 allows local users to upload files to arbitrary locations via a PHP script with a certain MIME header that causes the "$_FILES" array to be modified.