Vulnerabilities > PHP > PHP > 5.5.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-02-18 | CVE-2014-2020 | Numeric Errors vulnerability in PHP ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226. | 5.0 |
2014-02-15 | CVE-2012-1171 | Information Exposure vulnerability in PHP The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to bypass the open_basedir protection mechanism and read arbitrary files via vectors involving a stream_close method call during use of a custom stream wrapper. | 5.0 |