📦 PHP
by PHP
⚠️ Known Vulnerabilities
This CVE describes a buffer size limitation vulnerability in PHP's HTTP redirect parsing. When PHP processes HTTP redirect responses, it truncates location headers longer than 1024 bytes instead of th...
This vulnerability in PHP's PDO::quote() function for SQLite allows SQL injection when processing overly long user-supplied strings. It affects PHP applications using SQLite database connections with ...
This vulnerability allows attackers to cause an integer overflow in PHP's ldap_escape() function on 32-bit systems by providing long string inputs, leading to out-of-bounds writes. It affects PHP appl...
This vulnerability allows attackers to cause an integer overflow in PHP's ldap_escape() function on 32-bit systems by providing long string inputs, leading to out-of-bounds writes. This can potentiall...
This is a critical PHP CGI argument injection vulnerability affecting Windows servers running Apache with PHP-CGI. It allows attackers to bypass protections and execute arbitrary PHP code on vulnerabl...
This vulnerability allows remote command execution on Windows systems running vulnerable PHP versions. When using proc_open() with array syntax, insufficient argument escaping enables attackers to exe...
CVE-2024-3566 is a command injection vulnerability affecting Windows applications that use the CreateProcess function with improper argument quoting. Attackers can execute arbitrary commands with the priv...
This CVE describes a stack buffer overflow vulnerability in PHP's PHAR file handling that could lead to memory corruption or remote code execution. It affects PHP versions 8.0.* before 8.0.30, 8.1.* b...
This CVE describes an information disclosure vulnerability in PHP's getimagesize() function where uninitialized heap memory can leak into image metadata segments. Attackers can exploit this by uploadi...
This vulnerability in PHP's PDO PostgreSQL driver causes a null pointer dereference when using prepared statements with invalid character sequences, leading to segmentation faults and server crashes. ...
This CVE describes an insufficient validation vulnerability in PHP's header handling that could allow attackers to manipulate HTTP headers. When user-supplied headers contain specific end-of-line char...
This CVE allows command injection in PHP on Windows systems with specific non-standard codepage configurations, bypassing previous CVE-2024-4577 fixes. Attackers can execute arbitrary PHP code, reveal...
This vulnerability allows remote command execution on Windows systems when using PHP's proc_open() function with array syntax. An attacker can inject malicious arguments that bypass the previous CVE-2...
This vulnerability in PHP's mb_encode_mimeheader() function causes infinite loops when processing specific input patterns, leading to denial of service. Any PHP application using this function with un...
A vulnerability in PHP's password_verify() function allows invalid Blowfish password hashes to be accepted as valid. This could enable authentication bypass if compromised hashes are stored in passwor...
A buffer overflow vulnerability in PHP's path resolution function allows writing a null byte beyond allocated memory when processing paths near system MAXPATHLEN limits. This could lead to memory corr...
This CVE describes a buffer overflow vulnerability in PHP's pdo_mysql extension with mysqlnd driver when connecting with an excessively long password. Attackers who can control the connection host and...
A heap buffer overflow vulnerability in PHP's array_merge() function allows memory corruption when merging large packed arrays. This affects PHP servers running vulnerable versions and can lead to cra...
This vulnerability in PHP's PostgreSQL extensions (pgsql and pdo_pgsql) fails to properly handle errors when escaping strings for database queries. If a PostgreSQL server rejects a string as invalid, ...
This vulnerability in PHP's DOM and SimpleXML extensions causes incorrect charset detection when processing HTTP resources that redirect, potentially leading to parsing errors or validation bypasses. ...
This PHP vulnerability allows attackers to perform HTTP request smuggling when using streams with proxy configurations and the 'request_fulluri' option. It enables attackers to make arbitrary HTTP req...
A memory disclosure vulnerability in PHP's MySQL client allows a malicious MySQL server to read heap memory from the client. This could expose sensitive data from previous SQL queries or other users' ...