Vulnerabilities > PHP

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-27157 Weak Password Recovery Mechanism for Forgotten Password vulnerability in PHP Pearweb
pearweb < 1.32 is suffers from a Weak Password Recovery Mechanism via include/users/passwordmanage.php.
network
low complexity
php CWE-640
7.5
2022-04-15 CVE-2022-27158 Deserialization of Untrusted Data vulnerability in PHP Pearweb
pearweb < 1.32 suffers from Deserialization of Untrusted Data.
network
low complexity
php CWE-502
7.5
2022-04-05 CVE-2022-26635 Unspecified vulnerability in PHP Memcached
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CLRF injection.
network
low complexity
php
7.5
2022-02-27 CVE-2021-21708 Use After Free vulnerability in PHP
In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTER_VALIDATE_FLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in overwrite of other memory chunks and RCE.
network
php CWE-416
6.8
2021-11-29 CVE-2021-21707 In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them.
network
low complexity
php netapp debian
5.0
2021-10-25 CVE-2021-21703 Out-of-bounds Write vulnerability in multiple products
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
6.9
2021-10-04 CVE-2021-21704 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid response data that is not parsed correctly by the driver.
network
php netapp CWE-119
4.3
2021-10-04 CVE-2021-21705 Improper Input Validation vulnerability in multiple products
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid.
network
low complexity
php netapp oracle CWE-20
5.0
2021-10-04 CVE-2021-21706 Path Traversal vulnerability in PHP
In PHP versions 7.3.x below 7.3.31, 7.4.x below 7.4.24 and 8.0.x below 8.0.11, in Microsoft Windows environment, ZipArchive::extractTo may be tricked into writing a file outside target directory when extracting a ZIP file, thus potentially causing files to be created or overwritten, subject to OS permissions.
network
php CWE-22
4.3
2021-07-30 CVE-2021-32610 Link Following vulnerability in multiple products
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
local
low complexity
php debian fedoraproject CWE-59
3.6