Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 699 CRITICAL 123 HIGH 261 MEDIUM 289 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
121 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 5 6 4 0
122 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 6 9 6 0
123 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
124 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
125 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
126 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
127 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
128 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
129 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
130 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
131 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
132 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
133 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
134 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
135 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
136 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
137 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
138 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
139 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
140 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
141 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
142 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
143 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
144 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
145 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
146 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
147 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
148 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
149 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
150 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
151 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
152 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
153 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
154 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
155 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
156 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
157 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
158 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
159 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
160 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
161 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
162 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
163 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
164 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
121 9.1
6.4 		CRITICAL
Network 		In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler could be used by attackers supplying malicious archive files to crash the PHP interpreter or potentially disclose information due … CWE-125
Out-of-bounds Read 		CVE-2017-11147 cpe:2.3:a:php:php:*:* 7.1.0

7.0.0



7.1.1
5.6.30
7.0.15 		2024-11-21 12:07
2017-07-10 		Show GitHub Exploit DB Packet Storm
122 7.5
5.0 		HIGH
Network 		In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak informat… CWE-200
Information Exposure 		CVE-2017-11145 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		5.6.30 2024-11-21 12:07
2017-07-10 		Show GitHub Exploit DB Packet Storm
123 7.5
5.0 		HIGH
Network 		In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of … CWE-754
 Improper Check for Unusual or Exceptional Conditions 		CVE-2017-11144 cpe:2.3:a:php:php:7.1.6:*
cpe:2.3:a:php:php:7.1.5:*
cpe:2.3:a:php:php:7.1.4:*
cpe:2.3:a:php:php:7.1.3:*
cpe… 		5.6.30 2024-11-21 12:07
2017-07-10 		Show GitHub Exploit DB Packet Storm
124 7.5
5.0 		HIGH
Network 		In PHP before 5.6.31, an invalid free in the WDDX deserialization of boolean parameters could be used by attackers able to inject XML for deserialization to crash the PHP interpreter, related to an i… CWE-416
CWE-502
 Use After Free
 Deserialization of Untrusted Data 		CVE-2017-11143 cpe:2.3:a:php:php:*:* 5.6.30 2024-11-21 12:07
2017-07-10 		Show GitHub Exploit DB Packet Storm
125 7.5
7.8 		HIGH
Network 		In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote attackers could cause a CPU consumption denial of service attack by injecting long form variables, related to main/php_variable… CWE-400
 Uncontrolled Resource Consumption 		CVE-2017-11142 cpe:2.3:a:php:php:7.1.2:*
cpe:2.3:a:php:php:7.1.1:*
cpe:2.3:a:php:php:7.1.0:*
cpe:2.3:a:php:php:7.0.9:*
cpe… 		5.6.30 2024-11-21 12:07
2017-07-10 		Show GitHub Exploit DB Packet Storm
126 7.5
5.0 		HIGH
Network 		In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used by attackers to bypass hostname-specific URL checks, as demonstrated by evil.e… CWE-20
 Improper Input Validation  		CVE-2016-10397 cpe:2.3:a:php:php:7.0.9:*
cpe:2.3:a:php:php:7.0.8:*
cpe:2.3:a:php:php:7.0.7:*
cpe:2.3:a:php:php:7.0.6:*
cpe… 		5.6.27 2024-11-21 11:43
2017-07-10 		Show GitHub Exploit DB Packet Storm
127 9.8
7.5 		CRITICAL
Network 		/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833. CWE-416
 Use After Free 		CVE-2016-4473 cpe:2.3:a:php:php:7.0.7:*
cpe:2.3:a:php:php:5.6.9:*
cpe:2.3:a:php:php:5.6.8:*
cpe:2.3:a:php:php:5.6.7:*
cpe… 		2024-11-21 11:52
2017-06-9 		Show GitHub Exploit DB Packet Storm
128 7.5
5.0 		HIGH
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression com… CWE-476
 NULL Pointer Dereference 		CVE-2017-9229 cpe:2.3:a:php:php:*:*
7.1.0
7.0.0
5.6.0 		7.1.5



7.1.7
7.0.21
5.6.31 		2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm
129 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular express… CWE-125
Out-of-bounds Read 		CVE-2017-9227 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0
5.6.0



7.1.7
7.0.21
5.6.31 		2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm
130 9.8
7.5 		CRITICAL
Network 		An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular ex… CWE-787
 Out-of-bounds Write 		CVE-2017-9228 cpe:2.3:a:php:php:*:* 7.1.0
7.0.0
5.6.0



7.1.7
7.0.21
5.6.31 		2024-11-21 12:35
2017-05-25 		Show GitHub Exploit DB Packet Storm