| CVE | Severity | Type | Subject | Date | Affected Versions | Fixed Products |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2024-11233 | Moderate | Information Disclosure | Single byte overread with convert.quoted-printable-decode filter | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-11234 | Moderate | Cross-Site Request Forgery | Configuring a proxy in a stream context might allow for CRLF injection in URIs | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-11236 | Critical | Cross-Site Request Forgery | Integer overflow in the dblib quoter causing OOB writes | 2024-11-23 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-8929 | Moderate | Information Disclosure | Leak partial content of the heap through heap buffer over-read | 2024-11-22 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-8932 | Critical | Cross-Site Request Forgery | php: OOB access in ldap_escape | 2024-11-22 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.31, 8.2.0-8.2.26, 8.3.0-8.3.14 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-9026 | Low | Cross-Site Request Forgery | php: PHP-FPM Log Manipulation Vulnerability | 2024-10-08 | 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.30, 8.2.0-8.2.24, 8.3.0-8.3.12 | ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-8925 | Moderate | Cross-Site Request Forgery | php: Erroneous parsing of multipart form data | 2024-10-07 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.30, 8.2.0-8.2.24, 8.3.0-8.3.12 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-8926 | High | Remote Code Execution | php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass) | 2024-10-07 | 5.6.0-7.1.33, 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.30, 8.2.0-8.2.24, 8.3.0-8.3.12 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-8927 | High | Remote Code Execution | php: cgi.force_redirect configuration is bypassable due to the environment variable collision | 2024-10-07 | 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.30, 8.2.0-8.2.24, 8.3.0-8.3.12 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-2408 | Moderate | Information Disclosure | php: potential exposure to Marvin attack via unsafe implementation of RSA decryption API | 2024-06-07 | 5.6.0-7.1.33, 7.2.0-7.2.34, 7.3.0-7.3.33, 7.4.0-7.4.33, 8.0.0-8.0.30, 8.1.0-8.1.28, 8.2.0-8.2.19, 8.3.0-8.3.7 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3, ZendServer 2021.3.5 |