CVE Daily
← All tags

Tag: PHP

All CVEs associated with "PHP". Page 312/312 • 37332 CVEs.

Subscribe CVEs: RSS for “PHP”  ·  RSS (High+Critical only)

About “PHP”

A curated feed of “PHP”-related CVEs appears below. We currently track 37332 CVEs for this tag (all time). In the last 365 days, 6068 were published. Average CVSS is 6.7 (all time; 6.9 over 365d), and 50% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion').

In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2001-01-09
High

CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhost…

CVSS: 7.5 CWE: N/A View on NVD
2000-12-31
Medium

CVE-2000-1230

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2000-1240

Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 APR 00 allows remote attackers to obtain sensitive information via unknown attack vectors, which reveal the absolute path. NOTE:…

CVSS: 5.0 CWE: N/A View on NVD
2000-12-19
Medium

CVE-2000-0902

getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVSS: 5.0 CWE: N/A View on NVD
Critical

CVE-2000-0967

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error log…

CVSS: 10.0 CWE: N/A View on NVD
2000-11-14
Medium

CVE-2000-0860

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

CVSS: 5.0 CWE: N/A View on NVD
Medium

CVE-2000-0872

explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

CVSS: 5.0 CWE: N/A View on NVD
2000-10-20
High

CVE-2000-0745

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd paramete…

CVSS: 7.5 CWE: N/A View on NVD
1997-10-19
High

CVE-1999-0068

CGI PHP mylog script allows an attacker to read any file on the target server.

CVSS: 7.5 CWE: N/A View on NVD
1997-10-16
Medium

CVE-1999-0346

CGI PHP mlog script allows an attacker to read any file on the target server.

CVSS: 5.0 CWE: N/A View on NVD
1997-08-01
Critical

CVE-1999-0238

php.cgi allows attackers to read any file on the system.

CVSS: 10.0 CWE: N/A View on NVD
1997-04-17
High

CVE-1999-0058

Buffer overflow in PHP cgi program, php.cgi allows shell access.

CVSS: 7.5 CWE: N/A View on NVD