Software Detail
PHP: Number Of NVD 682 (CRITICAL 115, HIGH 256, MEDIUM 285, LOW 26)
URL https://www.php.net/
Explanation: PHP is an open source programming language used around the world for developing web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It is one component of the open source stack known as LAMP (Linux, Apache, MySQL [MariaDB], PHP).

Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src

List Of Product
Columns: No, Name, Latest Version, Release date, Initial release, Normal Support, Security Support / Service Pack Support, Extended for a fee, Critical, High, Medium, Low
1 PHP8.2 8.2.10 Aug. 31, 2023 Dec. 8, 2022 1 3 2 0
2 PHP8.1 8.1.28 April 11, 2024 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 4 7 5 0
3 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 5 9 10 0
4 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 8 10 18 1
5 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 18 17 19 1
6 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 19 21 20 1
7 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 29 36 9 0
8 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 75 60 13 0
9 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 76 95 40 1
10 PHP6.0 6.0 Jan. 1, 2000 3 8 4 0
11 PHP5.6 5.6.9 Jan. 1, 2000 76 95 40 1
12 PHP5.5 5.5.9 Jan. 1, 2000 71 98 66 3
13 PHP5.4 5.4.9 Jan. 1, 2000 59 104 73 4
14 PHP5.3 5.3.9 Jan. 1, 2000 60 111 133 4
15 PHP5.2 5.2.9 Jan. 1, 2000 61 157 183 7
16 PHP5.1 5.1.6 Jan. 1, 2000 61 151 149 19
17 PHP5.0 5.0.5 Jan. 1, 2000 61 155 156 14
18 PHP4.4 4.4.9 Jan. 1, 2000 61 150 163 20
19 PHP4.3 4.3.9 Jan. 1, 2000 61 159 163 15
20 PHP4.2 4.2.4 Jan. 1, 2000 61 158 165 15
21 PHP4.1 4.1.3 Jan. 1, 2000 61 160 162 15
22 PHP4.0 4.0.7 Jan. 1, 2000 61 162 167 17
23 PHP3.0 3.0.9 Jan. 1, 2000 60 137 139 6
24 PHP2.0b10 2.0b10 Jan. 1, 2000 60 125 131 6
25 PHP2.0 2.0.2 Jan. 1, 2000 60 125 131 6
26 PHP1.5 1.5 Jan. 1, 2000 60 121 130 6
27 PHP1.4 1.4 Jan. 1, 2000 60 121 130 6
28 PHP1.3 1.3.5 Jan. 1, 2000 60 121 130 6
29 PHP1.2 1.2.5 Jan. 1, 2000 60 121 130 6
30 PHP1.1 1.1.1 Jan. 1, 2000 60 121 130 6
31 PHP1.0 1.0.4 Jan. 1, 2000 60 125 131 6
32 PHP0.91 0.91 Jan. 1, 2000 60 121 130 6
33 PHP0.90 0.90 Jan. 1, 2000 60 121 130 6
34 PHP0.9 0.9.4 Jan. 1, 2000 60 121 130 6
35 PHP0.7 0.7 Jan. 1, 2000 60 121 130 6
36 PHP0.6 0.6 Jan. 1, 2000 60 121 130 6
37 PHP0.5 0.5.3 Jan. 1, 2000 60 121 130 6
38 PHP0.4 0.4 Jan. 1, 2000 60 121 130 6
39 PHP0.3 0.3 Jan. 1, 2000 60 121 130 6
40 PHP0.2 0.2.4 Jan. 1, 2000 60 121 130 6
41 PHP0.11 0.11 Jan. 1, 2000 60 121 130 6
42 PHP0.10 0.10 Jan. 1, 2000 60 121 130 6
43 PHP0.1 0.1.1 Jan. 1, 2000 60 121 130 6
NVD Vulnerability Information
Columns: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri (or higher / or less / more than / less than), Update date, Published date
1. CVSS3: 5.5, CVSS2: -, Level: MEDIUM, Attack Vector: Local
   Title: A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
   CWE: CWE-787 Out-of-bounds Write
   CVE: CVE-2022-4900
   cpe23Uri: cpe:2.3:a:php:php:8.1.0:-, cpe:2.3:a:php:php:8.0.0:-, cpe:2.3:a:php:php:7.4.0:-, cpe:2.3:a:php:php:-:*, cpe:2.3…
   Update date: 2023-12-1 07:15
   Published date: 2023-11-3
2. CVSS3: 9.8, CVSS2: -, Level: CRITICAL, Attack Vector: Network
   Title: In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer…
   CWE: CWE-119 Incorrect Access of Indexable Resource ('Range Error')
   CVE: CVE-2023-3824
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.1.0, 8.0.0, 8.2.0
   less than: 8.1.22, 8.0.30, 8.2.9
   Update date: 2023-10-28 03:58
   Published date: 2023-08-11
3. CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
   Title: In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are…
   CWE: CWE-611 XXE
   CVE: CVE-2023-3823
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.1.0, 8.0.0, 8.2.0
   less than: 8.1.22, 8.0.30, 8.2.9
   Update date: 2023-10-28 03:58
   Published date: 2023-08-11
4. CVSS3: 4.3, CVSS2: -, Level: MEDIUM, Attack Vector: Network
   Title: In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower ran…
   CWE: CWE-330 Use of Insufficiently Random Values
   CVE: CVE-2023-3247
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.2.0, 8.1.0, 8.0.0
   less than: 8.2.7, 8.1.20, 8.0.29
   Update date: 2023-08-2 01:38
   Published date: 2023-07-22
5. CVSS3: 6.2, CVSS2: -, Level: MEDIUM, Attack Vector: Local
   Title: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, password_verify() function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password …
   CWE: CWE-916 Use of Password Hash With Insufficient Computational Effort
   CVE: CVE-2023-0567
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.2.0, 8.1.0, 8.0.0
   less than: 8.2.3, 8.1.16, 8.0.28
   Update date: 2023-11-7 13:00
   Published date: 2023-03-1
6. CVSS3: 7.5, CVSS2: -, Level: HIGH, Attack Vector: Network
   Title: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can…
   CWE: CWE-400 Uncontrolled Resource Consumption
   CVE: CVE-2023-0662
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.2.0, 8.1.0, 8.0.0
   less than: 8.2.3, 8.1.16, 8.0.28
   Update date: 2023-05-18 05:15
   Published date: 2023-02-16
7. CVSS3: 8.1, CVSS2: -, Level: HIGH, Attack Vector: Network
   Title: In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. When resolving paths with lengths close to system MAXPATHLEN …
   CWE: CWE-770 Allocation of Resources Without Limits or Throttling
   CVE: CVE-2023-0568
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.2.0, 8.1.0, 8.0.0
   less than: 8.2.3, 8.1.16, 8.0.28
   Update date: 2023-05-18 05:15
   Published date: 2023-02-16
8. CVSS3: 7.1, CVSS2: -, Level: HIGH, Attack Vector: Local
   Title: In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used wit…
   CWE: CWE-125 Out-of-bounds Read
   CVE: CVE-2022-31630
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.0.0, 8.1.0, 7.4.0
   less than: 8.0.25, 8.1.12, 7.4.33
   Update date: 2024-04-2 12:15
   Published date: 2022-11-14
9. CVSS3: 9.8, CVSS2: -, Level: CRITICAL, Attack Vector: Network
   Title: The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic…
   CWE: CWE-190 Integer Overflow or Wraparound
   CVE: CVE-2022-37454
   cpe23Uri: cpe:2.3:a:php:php:*:*
   or higher: 8.0.0, 8.1.0, 7.2.0
   less than: 8.0.25, 8.1.12, 7.4.33
   Update date: 2023-05-3 20:15
   Published date: 2022-10-21
10. CVSS3: 5.5, CVSS2: -, Level: MEDIUM, Attack Vector: Local
    Title: In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.
    CWE: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
    CVE: CVE-2022-31628
    cpe23Uri: cpe:2.3:a:php:php:*:*
    or higher: 8.1.0, 8.0.0
    less than: 8.1.11, 8.0.24, 7.4.31
    Update date: 2023-11-7 12:47
    Published date: 2022-09-29