| PHP | Number Of NVD | 699 | CRITICAL | 123 | HIGH | 261 | MEDIUM | 289 | LOW | 26 |
| URL | https://www.php.net/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is an open source programming language used around the world as a development language for web applications. It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops. Today, it can be used as a general-purpose scripting language for applications other than web applications. It is a popular language among programming beginners because it is easy to learn. It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP). |
||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://www.php.net/supported-versions.php | ||
| 2 | https://www.php.net/downloads.php | ||
| 3 | https://www.php.net/eol.php | ||
| 4 | https://github.com/php/php-src |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 161 | PHP8.3 | 8.3.28 | Nov. 20, 2025 | June 6, 2024 | Dec. 31, 2025 | Dec. 31, 2027 | 5 | 6 | 4 | 0 | |
| 162 | PHP8.2 | 8.2.29 | July 3, 2025 | Dec. 8, 2022 | Dec. 31, 2024 | Dec. 31, 2026 | 6 | 9 | 6 | 0 | |
| 163 | PHP8.1 | 8.1.33 | July 3, 2025 | Nov. 25, 2021 | Nov. 25, 2023 | Nov. 25, 2024 | 6 | 10 | 6 | 0 | |
| 164 | PHP8.0 | 8.0.30 | Aug. 3, 2023 | Nov. 26, 2020 | Nov. 26, 2022 | Nov. 26, 2023 | 6 | 9 | 11 | 0 | |
| 165 | PHP7.4 | 7.4.33 | Nov. 3, 2022 | Nov. 28, 2019 | Nov. 28, 2021 | Nov. 28, 2022 | 9 | 10 | 19 | 1 | |
| 166 | PHP7.3 | 7.3.33 | Nov. 18, 2021 | Dec. 6, 2018 | Dec. 6, 2020 | Dec. 6, 2021 | 19 | 17 | 21 | 1 | |
| 167 | PHP7.2 | 7.2.34 | Oct. 1, 2020 | Nov. 30, 2017 | Nov. 30, 2019 | Nov. 30, 2020 | 20 | 21 | 21 | 1 | |
| 168 | PHP7.1 | 7.1.33 | Dec. 1, 2019 | Dec. 1, 2016 | Dec. 1, 2018 | Dec. 1, 2019 | 30 | 36 | 10 | 0 | |
| 169 | PHP7.0 | 7.0.33 | Dec. 6, 2018 | Dec. 3, 2015 | Dec. 3, 2017 | Dec. 3, 2018 | 76 | 60 | 14 | 0 | |
| 170 | PHP5.6 | 5.6.40 | Dec. 31, 2018 | Aug. 28, 2014 | Jan. 19, 2017 | Dec. 31, 2018 | 77 | 95 | 41 | 1 | |
| 171 | PHP6.0 | 6.0 | Jan. 1, 2000 | 4 | 8 | 5 | 0 | ||||
| 172 | PHP5.6 | 5.6.9 | Jan. 1, 2000 | 77 | 95 | 41 | 1 | ||||
| 173 | PHP5.5 | 5.5.9 | Jan. 1, 2000 | 72 | 98 | 67 | 3 | ||||
| 174 | PHP5.4 | 5.4.9 | Jan. 1, 2000 | 61 | 103 | 74 | 4 | ||||
| 175 | PHP5.3 | 5.3.9 | Jan. 1, 2000 | 62 | 110 | 134 | 4 | ||||
| 176 | PHP5.2 | 5.2.9 | Jan. 1, 2000 | 63 | 156 | 184 | 7 | ||||
| 177 | PHP5.1 | 5.1.6 | Jan. 1, 2000 | 63 | 150 | 150 | 19 | ||||
| 178 | PHP5.0 | 5.0.5 | Jan. 1, 2000 | 63 | 154 | 157 | 14 | ||||
| 179 | PHP4.4 | 4.4.9 | Jan. 1, 2000 | 62 | 149 | 164 | 20 | ||||
| 180 | PHP4.3 | 4.3.9 | Jan. 1, 2000 | 62 | 158 | 164 | 15 | ||||
| 181 | PHP4.2 | 4.2.4 | Jan. 1, 2000 | 62 | 157 | 166 | 15 | ||||
| 182 | PHP4.1 | 4.1.3 | Jan. 1, 2000 | 62 | 159 | 163 | 15 | ||||
| 183 | PHP4.0 | 4.0.7 | Jan. 1, 2000 | 62 | 161 | 168 | 17 | ||||
| 184 | PHP3.0 | 3.0.9 | Jan. 1, 2000 | 61 | 136 | 140 | 6 | ||||
| 185 | PHP2.0b10 | 2.0b10 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 186 | PHP2.0 | 2.0.2 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 187 | PHP1.5 | 1.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 188 | PHP1.4 | 1.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 189 | PHP1.3 | 1.3.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 190 | PHP1.2 | 1.2.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 191 | PHP1.1 | 1.1.1 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 192 | PHP1.0 | 1.0.4 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 193 | PHP0.91 | 0.91 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 194 | PHP0.90 | 0.90 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 195 | PHP0.9 | 0.9.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 196 | PHP0.7 | 0.7 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 197 | PHP0.6 | 0.6 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 198 | PHP0.5 | 0.5.3 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 199 | PHP0.4 | 0.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 200 | PHP0.3 | 0.3 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 201 | PHP0.2 | 0.2.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 202 | PHP0.11 | 0.11 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 203 | PHP0.10 | 0.10 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 204 | PHP0.1 | 0.1.1 | Jan. 1, 2000 | 61 | 120 | 131 | 6 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 161 |
9.8 7.5 |
CRITICAL
Network |
The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enough, which allows remote attackers to cause a denial… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7414 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 162 |
9.8 7.5 |
CRITICAL
Network |
Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service or possibly have uns… |
CWE-416
Use After Free |
CVE-2016-7413 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 163 |
8.1 6.8 |
HIGH
Network |
ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allows remote MySQL servers to cause a denial of servi… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7412 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 164 |
9.8 7.5 |
CRITICAL
Network |
ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7411 | cpe:2.3:a:php:php:*:* | 5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 165 |
9.8 7.5 |
CRITICAL
Network |
ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of service (allocation error and heap-based buffer overf… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7134 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm | ||||
| 166 |
8.1 6.8 |
HIGH
Network |
Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly… |
CWE-190
Integer Overflow or Wraparound |
CVE-2016-7133 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm | ||||
| 167 |
7.5 5.0 |
HIGH
Network |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… |
CWE-476
NULL Pointer Dereference |
CVE-2016-7132 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.24 |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm | |||
| 168 |
7.5 5.0 |
HIGH
Network |
ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other imp… |
CWE-476
NULL Pointer Dereference |
CVE-2016-7131 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.24 |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm | |||
| 169 |
7.5 5.0 |
HIGH
Network |
The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) o… |
CWE-476
NULL Pointer Dereference |
CVE-2016-7130 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.24 |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm | |||
| 170 |
9.8 7.5 |
CRITICAL
Network |
The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified… |
CWE-20
Improper Input Validation |
CVE-2016-7129 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.24 |
2024-11-21 11:57 2016-09-12 |
Show | GitHub Exploit DB Packet Storm |