CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 1CVE-2024-5458 – Filter bypass in filter_var (FILTER_VALIDATE_URL)
https://notcve.org/view.php?id=CVE-2024-5458
09 Jun 2024 — In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8... • http://www.openwall.com/lists/oss-security/2024/06/07/1 • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 9.7EPSS: 54%CPEs: 3EXPL: 1CVE-2024-1874 – Command injection via array-ish $command parameter of proc_open()
https://notcve.org/view.php?id=CVE-2024-1874
29 Apr 2024 — In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. En las versiones de PHP 8.1.* anteriores a 8.1.28, 8.2.* anteriores a 8.2.18, 8.3.* anteriores a 8.3.5, cuando se utiliza el comando proc_open() con sintaxis de matriz, debido a un escape ins... • https://github.com/Tgcohce/CVE-2024-1874 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
16 Apr 2024 — In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá v... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.8EPSS: 6%CPEs: 3EXPL: 0CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
16 Apr 2024 — Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 16%CPEs: 5EXPL: 7CVE-2023-3824 – Buffer overflow and overread in phar_dir_read()
https://notcve.org/view.php?id=CVE-2023-3824
11 Aug 2023 — In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. En PHP versión 8.0.* antes de 8.0.30, 8.1.* antes de 8.1.22, y 8.2.* antes de 8.2.8, al cargar el archivo phar, mientras se leen las entradas del directorio PHAR, una comprobación de longitud insuficiente puede conducir a un desbordamiento del búfer de p... • https://github.com/jhonnybonny/CVE-2023-3824 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.6EPSS: 0%CPEs: 5EXPL: 1CVE-2023-3823 – Security issue with external entity loading in XML without enabling it
https://notcve.org/view.php?id=CVE-2023-3823
11 Aug 2023 — In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and ... • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-3247 – Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP
https://notcve.org/view.php?id=CVE-2023-3247
04 Jul 2023 — In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. A vulnerability was found in PHP where the weak randomness affects appl... • https://github.com/php/php-src/security/advisories/GHSA-76gg-c692-v2mw • CWE-252: Unchecked Return Value CWE-330: Use of Insufficiently Random Values CWE-334: Small Space of Random Values •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2023-0568 – Array overrun in common path resolve code
https://notcve.org/view.php?id=CVE-2023-0568
16 Feb 2023 — In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN setting, this may lead to the byte after the allocated buffer being overwritten with NUL value, which might lead to unauthorized data access or modification. A vulnerability was found in PHP. This security issue occurs because the core path resolution function allocates a buffer one byte small. Resolving paths w... • https://bugs.php.net/bug.php?id=81746 • CWE-131: Incorrect Calculation of Buffer Size CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-0662 – DoS vulnerability when parsing multipart request body
https://notcve.org/view.php?id=CVE-2023-0662
16 Feb 2023 — In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space. A vulnerability was found in PHP. This security flaw occurs when the request body parsing in PHP allows any unauthenticated attacker to consume a large amount of CPU time and trigger excessive logging. A large amount of CP... • https://github.com/php/php-src/security/advisories/GHSA-54hq-v5wp-fqgv • CWE-400: Uncontrolled Resource Consumption CWE-779: Logging of Excessive Data •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 1CVE-2023-0567 – password_verify() always returns true for some invalid hashes
https://notcve.org/view.php?id=CVE-2023-0567
16 Feb 2023 — In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. A vulnerability was found in PHP. This security flaw occurs when malformatted BCrypt hashes that include a $ within their salt part trigger a buffer overread and may erroneously validate any password as valid. It was discovere... • https://bugs.php.net/bug.php?id=81744 • CWE-328: Use of Weak Hash CWE-916: Use of Password Hash With Insufficient Computational Effort •