Vulnerabilities > PHP > PHP > 5.4.17

DATE CVE VULNERABILITY TITLE RISK
2014-05-06 CVE-2014-0185 Improper Privilege Management vulnerability in PHP
sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP before 5.4.28 and 5.5.x before 5.5.12 uses 0666 permissions for the UNIX socket, which allows local users to gain privileges via a crafted FastCGI client.
local
low complexity
php CWE-269
7.2
7.2
2014-02-18 CVE-2014-2020 Numeric Errors vulnerability in PHP
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.
network
low complexity
php CWE-189
5.0
5.0
2014-02-15 CVE-2012-1171 Information Exposure vulnerability in PHP
The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper.
network
low complexity
php CWE-200
5.0
5.0