CVSS: 7.8EPSS: 5%CPEs: 3EXPL: 0CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
16 Apr 2024 — Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
16 Apr 2024 — In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá v... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
11 Jan 2023 — In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force th... • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2006-7205
https://notcve.org/view.php?id=CVE-2006-7205
24 May 2007 — The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value. La función array_fill en ext/standard/array.c de PHP 4.4.2 y 5.1.2 permite a atacantes remotos dependientes de contexto provocar una denegación de servicio (consumo de memoria) mediante una valor num largo. • http://securitytracker.com/id?1015979 •
CVSS: 9.3EPSS: 6%CPEs: 1EXPL: 1CVE-2006-3016 – Ubuntu Security Notice 320-1
https://notcve.org/view.php?id=CVE-2006-3016
14 Jun 2006 — Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown impact and attack vectors, related to "certain characters in session names," including special characters that are frequently associated with CRLF injection, SQL injection, cross-site scripting (XSS), and HTTP response splitting vulnerabilities. NOTE: while the nature of the vulnerability is unspecified, it is likely that this is related to a violation of an expectation by PHP applications that the session name is alphanumeric, as implie... • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2006-3018 – Ubuntu Security Notice 320-1
https://notcve.org/view.php?id=CVE-2006-3018
14 Jun 2006 — Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption. Vulnerabilidad no especificada en la funcionalidad de extensión de sesión en PHP anterior a la versión 5.1.3 tiene un impacto y vectores de ataque desconocidos, relacionados con una corrupción de memoria dinámica. Multiple vulnerabilities in php4 and php5 have been fixed in Ubuntu. • http://secunia.com/advisories/19927 •