This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:php:php
Detail
VendorPhpFirst view 1997-04-17
ProductPhpLast view2019-08-09
VersionTypeApplication
Edition 
Language 
Update 

Activity : Overall

COMMON PLATFORM ENUMERATION : Repartition per Version

CPE NameAffected CVE
cpe:/a:php:php:4.0.0400
cpe:/a:php:php:4.1.2397
cpe:/a:php:php:4.2.2396
cpe:/a:php:php:4.0.3396
cpe:/a:php:php:4.0.4:-395
Hide | Show 45 More...
CPE NameAffected CVE
cpe:/a:php:php:4.0.5:-395
cpe:/a:php:php:4.1.0:-395
cpe:/a:php:php:4.1.1394
cpe:/a:php:php:4.0.6:-394
cpe:/a:php:php:4.2.0:-394
cpe:/a:php:php:4.2.1:-394
cpe:/a:php:php:4.0.1:-393
cpe:/a:php:php:4.3.1391
cpe:/a:php:php:5.2.0391
cpe:/a:php:php:4.0.2391
cpe:/a:php:php:4.2.3:-390
cpe:/a:php:php:4.3.0:-390
cpe:/a:php:php:4.0.7:-389
cpe:/a:php:php:4.3.9387
cpe:/a:php:php:4.3.2:-387
cpe:/a:php:php:4.3.8385
cpe:/a:php:php:4.3.3:-385
cpe:/a:php:php:4.3.6:-385
cpe:/a:php:php:4.3.5:-384
cpe:/a:php:php:4.3.7:-384
cpe:/a:php:php:4.4.0:-384
cpe:/a:php:php:4.3.10:-383
cpe:/a:php:php:4.3.4:-382
cpe:/a:php:php:4.0.7:rc3379
cpe:/a:php:php:4.0.7:rc2379
cpe:/a:php:php:4.0.7:rc1379
cpe:/a:php:php:4.4.2:-378
cpe:/a:php:php:4.3.11:-377
cpe:/a:php:php:5.1.1376
cpe:/a:php:php:4.4.1:-376
cpe:/a:php:php:5.0.0:-376
cpe:/a:php:php:5.0.2:-376
cpe:/a:php:php:5.0.1:-375
cpe:/a:php:php:5.1.0:-373
cpe:/a:php:php:5.1.2:-373
cpe:/a:php:php:5.0.3:-372
cpe:/a:php:php:5.0.5:-371
cpe:/a:php:php:5.1.4370
cpe:/a:php:php:5.0.4:-370
cpe:/a:php:php:4.4.3:-366
cpe:/a:php:php:5.2.1:-365
cpe:/a:php:php:4.4.4:-364
cpe:/a:php:php:5.1.6361
cpe:/a:php:php:5.1.3360
cpe:/a:php:php:5.0.0:rc3356

Related : CVE

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
 DateAlertAccess VectorAccess ComplexityAuthentication
6.82019-08-09CVE-2019-11042NetworkMediumNone Requ...
6.82019-08-09CVE-2019-11041NetworkMediumNone Requ...
52019-07-10CVE-2017-7189NetworkLowNone Requ...
6.42019-06-18CVE-2019-11040NetworkLowNone Requ...
6.42019-06-18CVE-2019-11039NetworkLowNone Requ...
Hide | Show 20 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
52019-06-18CVE-2019-11038NetworkLowNone Requ...
6.42019-05-03CVE-2019-11036NetworkLowNone Requ...
6.42019-04-18CVE-2019-11035NetworkLowNone Requ...
6.42019-04-18CVE-2019-11034NetworkLowNone Requ...
6.82019-03-11CVE-2019-9675NetworkMediumNone Requ...
7.52019-03-08CVE-2019-9641NetworkLowNone Requ...
52019-03-08CVE-2019-9640NetworkLowNone Requ...
52019-03-08CVE-2019-9639NetworkLowNone Requ...
52019-03-08CVE-2019-9638NetworkLowNone Requ...
52019-03-08CVE-2019-9637NetworkLowNone Requ...
7.52019-02-22CVE-2019-9025NetworkLowNone Requ...
52019-02-22CVE-2019-9024NetworkLowNone Requ...
7.52019-02-22CVE-2019-9023NetworkLowNone Requ...
52019-02-22CVE-2019-9022NetworkLowNone Requ...
7.52019-02-22CVE-2019-9021NetworkLowNone Requ...
7.52019-02-22CVE-2019-9020NetworkLowNone Requ...
52019-02-21CVE-2018-20783NetworkLowNone Requ...
6.82019-01-26CVE-2019-6977NetworkMediumNone Requ...
52018-12-07CVE-2018-19935NetworkLowNone Requ...

CWE : Common Weakness Enumeration

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
%idName
23% (100)CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (65)CWE-20Improper Input Validation
8% (39)CWE-189Numeric Errors
7% (31)CWE-264Permissions, Privileges, and Access Controls
6% (27)CWE-200Information Exposure
Hide | Show 20 More...
%idName
5% (25)CWE-399Resource Management Errors
4% (21)CWE-125Out-of-bounds Read
3% (16)CWE-416Use After Free
3% (15)CWE-190Integer Overflow or Wraparound
2% (12)CWE-476NULL Pointer Dereference
1% (8)CWE-94Failure to Control Generation of Code ('Code Injection')
1% (8)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
1% (8)CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path ...
1% (7)CWE-134Uncontrolled Format String
1% (6)CWE-787Out-of-bounds Write
1% (5)CWE-310Cryptographic Issues
1% (5)CWE-59Improper Link Resolution Before File Access ('Link Following')
0% (4)CWE-502Deserialization of Untrusted Data
0% (4)CWE-78Improper Sanitization of Special Elements used in an OS Command ('O...
0% (4)CWE-19Data Handling
0% (3)CWE-415Double Free
0% (3)CWE-400Uncontrolled Resource Consumption ('Resource Exhaustion')
0% (3)CWE-362Race Condition
0% (3)CWE-89Improper Sanitization of Special Elements used in an SQL Command ('...
0% (2)CWE-284Access Control (Authorization) Issues

CAPEC : Common Attack Pattern Enumeration & Classification

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idName
CAPEC-3Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6Argument Injection
CAPEC-7Blind SQL Injection
CAPEC-8Buffer Overflow in an API Call
CAPEC-9Buffer Overflow in Local Command-Line Utilities
Hide | Show 20 More...
idName
CAPEC-10Buffer Overflow via Environment Variables
CAPEC-13Subverting Environment Variable Values
CAPEC-14Client-side Injection-induced Buffer Overflow
CAPEC-15Command Delimiters
CAPEC-18Embedding Scripts in Nonscript Elements
CAPEC-22Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24Filter Failure through Buffer Overflow
CAPEC-27Leveraging Race Conditions via Symbolic Links
CAPEC-28Fuzzing
CAPEC-29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
CAPEC-31Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32Embedding Scripts in HTTP Query Strings
CAPEC-34HTTP Response Splitting
CAPEC-41Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-42MIME Conversion
CAPEC-43Exploiting Multiple Input Interpretation Layers
CAPEC-45Buffer Overflow via Symbolic Links
CAPEC-46Overflow Variables and Tags
CAPEC-47Buffer Overflow via Parameter Expansion
CAPEC-52Embedding NULL Bytes

SAINT Exploits

DescriptionLink
PHP CGI Query String Parameters Command ExecutionMore info here
Horde Imp Unauthenticated Remote Command ExecutionMore info here

Open Source Vulnerability Database (OSVDB)

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
78571PHP tidy_diagnose Function Tidy::diagnose Operation Remote doS
78570PHP zend_strndup Function Return Value Parsing Remote DoS
78115PHP Hash Collission Form Parameter Parsing Remote DoS
77446PHP exif.c exif_process_IFD_TAG Function EXIF Header JPEG File Handling Overflow
77047Roundcube Webmail include/iniset.php Subject Header Parsing Remote DoS
Hide | Show 20 More...
idDescription
75713PHP is_a() Function __autoload() Function Remote File Inclusion
75200PHP *alloc Functions Argument Handling Arbitrary Value Injection Overflow
74743PHP ext/zip/php_zip.c Multiple Function Flag Argument DoS
74742PHP crypt_blowfish 8-bit Character Password Hash Cleartext Password Disclosure
74739PHP error_log Function Unspecified DoS
74738PHP crypt() Function Salt Argument Overflow
74728PHP extract() Function EXTR_OVERWRITE Parameter Variable Overwriting
74726PHP crypt() Function MD5 Salt Hash Value Return Weakness
74689PHP on Windows SPL Extension SplFileInfo::getType Function Symlink Arbitrary ...
74688PHP mt_rand Function max Parameter Overflow
74193PHP PCNTL Extension Concurrent Signal Saturation Race Condition Memory Corrup...
73755PHP OpenSSL Extension x Function openssl_decrypt Ciphertext Data Memory Leak DoS
73754PHP OpenSSL Extension openssl_encrypt Function Plaintext Data Memory Leak DoS
73706PHP on Debian GNU/Linux /etc/cron.d/php5 Directory Symlink Arbitrary File Del...
73626PHP Calendar Extension SdnToJulian Function Overflow DoS
73625PHP Intl Extension NumberFormatter::setSymbol Function Invalid Argument DoS
73624PHP Streams Component HTTP Proxy FTP Wrapper ftp:// URL DoS
73623PHP Zip Extension stream_get_contents Function ziparchive Stream Handling DoS
73622PHP Zip Extension zip_stream.c zip_fread Function Call Integer Signedness Err...
73275PHP grapheme_extract() Function NULL Dereference DoS

ExploitDB Exploits

idDescription
30395PHP openssl_x509_parse() - Memory Corruption Vulnerability
29290Apache / PHP 5.x Remote Code Execution Exploit
25986Plesk Apache Zeroday Remote Exploit
18836PHP CGI Argument Injection Exploit
18834PHP CGI Argument Injection
Hide | Show 13 More...
idDescription
18370PHP 5.3.8 Multiple Vulnerabilities
18305PHP Hash Table Collision Proof Of Concept
18296PHP Hashtables Denial of Service
17486PHP 5.3.6 Buffer Overflow PoC (ROP) CVE-2011-1938
17318PHP <= 5.3.5 socket_connect() Buffer Overflow Vulnerability
17004libzip 0.9.3 _zip_name_locate NULL Pointer Dereference (incl PHP 5.3.5)
16966PHP <= 5.3.6 shmop_read() Integer Overflow DoS
16182PHP 5.3.5 grapheme_extract() NULL Pointer Dereference
15722PHP 5.3.3 NumberFormatter::getSymbol Integer Overflow
15431PHP 5.3.3/5.2.14 ZipArchive::getArchiveComment NULL Pointer Deference
11636Kolang (proc_open PHP safe mode bypass 4.3.10 - 5.3.0)
7646PHP <= 5.2.8 gd library - imageRotate() Information Leak Vulnerability
4392PHP <= 4.4.7 / 5.2.3 MySQL/MySQLi Safe Mode Bypass Vulnerability

OpenVAS Exploits

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0426-1 (update)
File : nvt/gb_suse_2012_0426_1.nasl
2012-12-13Name : SuSE Update for update openSUSE-SU-2012:0590-1 (update)
File : nvt/gb_suse_2012_0590_1.nasl
2012-10-03Name : Gentoo Security Advisory GLSA 201209-24 (PostgreSQL)
File : nvt/glsa_201209_24.nasl
2012-09-26Name : Gentoo Security Advisory GLSA 201209-03 (php)
File : nvt/glsa_201209_03.nasl
2012-09-25Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2012-004)
File : nvt/gb_macosx_su12-004.nasl
Hide | Show 20 More...
idDescription
2012-09-24Name : PHP 'main/SAPI.c' HTTP Header Injection Vulnerability
File : nvt/gb_php_http_header_injection_vuln_win.nasl
2012-09-22Name : Ubuntu Update for php5 USN-1569-1
File : nvt/gb_ubuntu_USN_1569_1.nasl
2012-09-19Name : FreeBSD Ports: php5-sqlite
File : nvt/freebsd_php5-sqlite.nasl
2012-09-19Name : FreeBSD Ports: php5
File : nvt/freebsd_php520.nasl
2012-09-10Name : Slackware Advisory SSA:2011-210-01 libpng
File : nvt/esoft_slk_ssa_2011_210_01.nasl
2012-09-10Name : Slackware Advisory SSA:2011-237-01 php
File : nvt/esoft_slk_ssa_2011_237_01.nasl
2012-09-10Name : Slackware Advisory SSA:2012-041-02 php
File : nvt/esoft_slk_ssa_2012_041_02.nasl
2012-09-10Name : Slackware Advisory SSA:2012-204-01 php
File : nvt/esoft_slk_ssa_2012_204_01.nasl
2012-09-07Name : FreeBSD Ports: php5
File : nvt/freebsd_php519.nasl
2012-08-30Name : Fedora Update for maniadrive FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_maniadrive_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-7628
File : nvt/gb_fedora_2012_7628_php_fc17.nasl
2012-08-30Name : Debian Security Advisory DSA 2527-1 (php5)
File : nvt/deb_2527_1.nasl
2012-08-30Name : Fedora Update for maniadrive FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_maniadrive_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-10936
File : nvt/gb_fedora_2012_10936_php_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-8924
File : nvt/gb_fedora_2012_8924_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12156
File : nvt/gb_fedora_2012_12156_postgresql_fc16.nasl
2012-08-30Name : Fedora Update for postgresql FEDORA-2012-12165
File : nvt/gb_fedora_2012_12165_postgresql_fc17.nasl
2012-08-30Name : Fedora Update for gd FEDORA-2012-9298
File : nvt/gb_fedora_2012_9298_gd_fc17.nasl
2012-08-30Name : Fedora Update for maniadrive FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_maniadrive_fc17.nasl
2012-08-30Name : Fedora Update for php FEDORA-2012-9490
File : nvt/gb_fedora_2012_9490_php_fc17.nasl

Information Assurance Vulnerability Management (IAVM)

idDescription
2015-B-0108Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0061365
2015-A-0199Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337
2014-B-0086Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0052897
2014-B-0053PHP Privilege Escalation Vulnerability
Severity : Category I - VMSKEY : V0050233
2014-B-0021Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0044541
Hide | Show 3 More...
idDescription
2014-A-0030Apple Mac OS X Security Update 2014-001
Severity : Category I - VMSKEY : V0044547
2013-A-0179Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373
2013-B-0093Multiple Vulnerabilities in PHP
Severity : Category I - VMSKEY : V0040108

Snort® IPS/IDS

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
DateDescription
2014-01-10php.cgi access
RuleID : 824-community - Type : SERVER-WEBAPP - Revision : 27
2014-01-10php.cgi access
RuleID : 824 - Type : SERVER-WEBAPP - Revision : 27
2019-11-19PHP tag depth heap memory corruption attempt
RuleID : 51930 - Type : SERVER-WEBAPP - Revision : 1
2019-10-23PHP http fopen stack buffer overflow attempt
RuleID : 51578 - Type : SERVER-WEBAPP - Revision : 1
2019-05-07PHP gdImageColorMatch heap buffer overflow file download attempt
RuleID : 49673 - Type : SERVER-OTHER - Revision : 1
Hide | Show 20 More...
DateDescription
2019-05-07PHP gdImageColorMatch heap buffer overflow file upload attempt
RuleID : 49672 - Type : SERVER-OTHER - Revision : 1
2018-12-11CVE PHP infinite loop from use of stream filter and convert.iconv file upload...
RuleID : 48354 - Type : SERVER-WEBAPP - Revision : 2
2018-08-16PHP phar extension remote code execution attempt
RuleID : 47207 - Type : SERVER-WEBAPP - Revision : 2
2018-08-14PHP unserialize integer overflow attempt
RuleID : 47156 - Type : SERVER-WEBAPP - Revision : 1
2018-08-14PHP unserialize integer overflow attempt
RuleID : 47155 - Type : SERVER-WEBAPP - Revision : 1
2018-06-26PHP .phar cross site scripting attempt
RuleID : 46808 - Type : SERVER-WEBAPP - Revision : 2
2018-06-05PHP unserialize integer overflow attempt
RuleID : 46470 - Type : SERVER-WEBAPP - Revision : 4
2018-06-05PHP unserialize integer overflow attempt
RuleID : 46469 - Type : SERVER-WEBAPP - Revision : 3
2018-03-29PHP unserialize integer overflow attempt
RuleID : 45769 - Type : SERVER-WEBAPP - Revision : 4
2018-03-29PHP unserialize integer overflow attempt
RuleID : 45768 - Type : SERVER-WEBAPP - Revision : 4
2018-03-20PHP php_mime_split multipart file upload buffer overflow attempt
RuleID : 45676 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44749 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44748 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44747 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44746 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44745 - Type : SERVER-WEBAPP - Revision : 2
2017-12-13PHP unserialize call SPL ArrayObject and SPLObjectStorage memory corruption a...
RuleID : 44744 - Type : SERVER-WEBAPP - Revision : 2
2017-10-24PHP form-based file upload DoS attempt
RuleID : 44390 - Type : SERVER-WEBAPP - Revision : 2
2017-09-19PHP malformed quoted printable denial of service attempt
RuleID : 44001 - Type : SERVER-WEBAPP - Revision : 2
2017-08-23PHP core unserialize use after free attempt
RuleID : 43668 - Type : SERVER-WEBAPP - Revision : 2

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
2019-01-14Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2019-1147.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-ee6707d519.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-b6072889db.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-1aeac808ce.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-791c3cfe21.nasl - Type : ACT_GATHER_INFO
Hide | Show 20 More...
idDescription
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-7ebfe1e6f2.nasl - Type : ACT_GATHER_INFO
2019-01-03Name : The remote Fedora host is missing a security update.
File : fedora_2018-dfe1f0bac6.nasl - Type : ACT_GATHER_INFO
2018-12-17Name : The remote Debian host is missing a security update.
File : debian_DLA-1608.nasl - Type : ACT_GATHER_INFO
2018-12-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4353.nasl - Type : ACT_GATHER_INFO
2018-12-03Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201812-01.nasl - Type : ACT_GATHER_INFO
2018-10-26Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1325.nasl - Type : ACT_GATHER_INFO
2018-10-19Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1090.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1309.nasl - Type : ACT_GATHER_INFO
2018-09-27Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1310.nasl - Type : ACT_GATHER_INFO
2018-09-24Name : The remote Fedora host is missing a security update.
File : fedora_2018-25100b492c.nasl - Type : ACT_GATHER_INFO
2018-09-20Name : The remote Debian host is missing a security update.
File : debian_DLA-1509.nasl - Type : ACT_GATHER_INFO
2018-09-18Name : The remote EulerOS Virtualization host is missing a security update.
File : EulerOS_SA-2018-1249.nasl - Type : ACT_GATHER_INFO
2018-09-04Name : The remote Debian host is missing a security update.
File : debian_DLA-1490.nasl - Type : ACT_GATHER_INFO
2018-08-24Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1066.nasl - Type : ACT_GATHER_INFO
2018-08-24Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2018-1067.nasl - Type : ACT_GATHER_INFO
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0021.nasl - Type : ACT_GATHER_INFO
2018-08-17Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0029.nasl - Type : ACT_GATHER_INFO
2018-08-10Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1224.nasl - Type : ACT_GATHER_INFO
2018-07-06Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4240.nasl - Type : ACT_GATHER_INFO
2018-07-03Name : The remote EulerOS host is missing a security update.
File : EulerOS_SA-2018-1217.nasl - Type : ACT_GATHER_INFO