| PHP | Number Of NVD | 689 | CRITICAL | 119 | HIGH | 257 | MEDIUM | 287 | LOW | 26 |
| URL | https://www.php.net/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | It is an open source programming language used around the world as a development language for web applications. It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops. Today, it can be used as a general-purpose scripting language for applications other than web applications. It is a popular language among programming beginners because it is easy to learn. It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP). |
||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://www.php.net/supported-versions.php | ||
| 2 | https://www.php.net/downloads.php | ||
| 3 | https://www.php.net/eol.php | ||
| 4 | https://github.com/php/php-src |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 141 | PHP8.3 | 8.3.28 | Nov. 20, 2025 | June 6, 2024 | Dec. 31, 2025 | Dec. 31, 2027 | 2 | 3 | 2 | 0 | |
| 142 | PHP8.2 | 8.2.29 | July 3, 2025 | Dec. 8, 2022 | Dec. 31, 2024 | Dec. 31, 2026 | 3 | 6 | 4 | 0 | |
| 143 | PHP8.1 | 8.1.33 | July 3, 2025 | Nov. 25, 2021 | Nov. 25, 2023 | Nov. 25, 2024 | 6 | 10 | 6 | 0 | |
| 144 | PHP8.0 | 8.0.30 | Aug. 3, 2023 | Nov. 26, 2020 | Nov. 26, 2022 | Nov. 26, 2023 | 6 | 9 | 11 | 0 | |
| 145 | PHP7.4 | 7.4.33 | Nov. 3, 2022 | Nov. 28, 2019 | Nov. 28, 2021 | Nov. 28, 2022 | 9 | 10 | 19 | 1 | |
| 146 | PHP7.3 | 7.3.33 | Nov. 18, 2021 | Dec. 6, 2018 | Dec. 6, 2020 | Dec. 6, 2021 | 19 | 17 | 21 | 1 | |
| 147 | PHP7.2 | 7.2.34 | Oct. 1, 2020 | Nov. 30, 2017 | Nov. 30, 2019 | Nov. 30, 2020 | 20 | 21 | 21 | 1 | |
| 148 | PHP7.1 | 7.1.33 | Dec. 1, 2019 | Dec. 1, 2016 | Dec. 1, 2018 | Dec. 1, 2019 | 30 | 36 | 10 | 0 | |
| 149 | PHP7.0 | 7.0.33 | Dec. 6, 2018 | Dec. 3, 2015 | Dec. 3, 2017 | Dec. 3, 2018 | 76 | 60 | 14 | 0 | |
| 150 | PHP5.6 | 5.6.40 | Dec. 31, 2018 | Aug. 28, 2014 | Jan. 19, 2017 | Dec. 31, 2018 | 77 | 95 | 41 | 1 | |
| 151 | PHP6.0 | 6.0 | Jan. 1, 2000 | 4 | 8 | 5 | 0 | ||||
| 152 | PHP5.6 | 5.6.9 | Jan. 1, 2000 | 77 | 95 | 41 | 1 | ||||
| 153 | PHP5.5 | 5.5.9 | Jan. 1, 2000 | 72 | 98 | 67 | 3 | ||||
| 154 | PHP5.4 | 5.4.9 | Jan. 1, 2000 | 61 | 103 | 74 | 4 | ||||
| 155 | PHP5.3 | 5.3.9 | Jan. 1, 2000 | 62 | 110 | 134 | 4 | ||||
| 156 | PHP5.2 | 5.2.9 | Jan. 1, 2000 | 63 | 156 | 184 | 7 | ||||
| 157 | PHP5.1 | 5.1.6 | Jan. 1, 2000 | 63 | 150 | 150 | 19 | ||||
| 158 | PHP5.0 | 5.0.5 | Jan. 1, 2000 | 63 | 154 | 157 | 14 | ||||
| 159 | PHP4.4 | 4.4.9 | Jan. 1, 2000 | 62 | 149 | 164 | 20 | ||||
| 160 | PHP4.3 | 4.3.9 | Jan. 1, 2000 | 62 | 158 | 164 | 15 | ||||
| 161 | PHP4.2 | 4.2.4 | Jan. 1, 2000 | 62 | 157 | 166 | 15 | ||||
| 162 | PHP4.1 | 4.1.3 | Jan. 1, 2000 | 62 | 159 | 163 | 15 | ||||
| 163 | PHP4.0 | 4.0.7 | Jan. 1, 2000 | 62 | 161 | 168 | 17 | ||||
| 164 | PHP3.0 | 3.0.9 | Jan. 1, 2000 | 61 | 136 | 140 | 6 | ||||
| 165 | PHP2.0b10 | 2.0b10 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 166 | PHP2.0 | 2.0.2 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 167 | PHP1.5 | 1.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 168 | PHP1.4 | 1.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 169 | PHP1.3 | 1.3.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 170 | PHP1.2 | 1.2.5 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 171 | PHP1.1 | 1.1.1 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 172 | PHP1.0 | 1.0.4 | Jan. 1, 2000 | 61 | 124 | 132 | 6 | ||||
| 173 | PHP0.91 | 0.91 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 174 | PHP0.90 | 0.90 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 175 | PHP0.9 | 0.9.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 176 | PHP0.7 | 0.7 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 177 | PHP0.6 | 0.6 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 178 | PHP0.5 | 0.5.3 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 179 | PHP0.4 | 0.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 180 | PHP0.3 | 0.3 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 181 | PHP0.2 | 0.2.4 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 182 | PHP0.11 | 0.11 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 183 | PHP0.10 | 0.10 | Jan. 1, 2000 | 61 | 120 | 131 | 6 | ||||
| 184 | PHP0.1 | 0.1.1 | Jan. 1, 2000 | 61 | 120 | 131 | 6 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 141 |
9.8 7.5 |
CRITICAL
Network |
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via craft… |
CWE-416
Use After Free |
CVE-2016-9936 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
2024-11-21 12:02 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | ||||
| 142 |
9.8 7.5 |
CRITICAL
Network |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) or pos… |
CWE-125
Out-of-bounds Read |
CVE-2016-9935 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.28 |
2024-11-21 12:02 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | |||
| 143 |
7.5 5.0 |
HIGH
Network |
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted serialized data in a wddxPacket XML document, as… |
CWE-476
NULL Pointer Dereference |
CVE-2016-9934 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.27 |
2024-11-21 12:02 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | |||
| 144 |
9.8 7.5 |
CRITICAL
Network |
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing, which allows remote attackers to cause a denial of service or possibly have unspecified other im… |
CWE-416
Use After Free |
CVE-2016-9138 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.27 |
2024-11-21 12:00 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | |||
| 145 |
9.8 7.5 |
CRITICAL
Network |
Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have un… |
CWE-416
Use After Free |
CVE-2016-9137 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.26 |
2024-11-21 12:00 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | |||
| 146 |
9.8 7.5 |
CRITICAL
Network |
The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does not properly restrict calls to the ICU uresbund.cpp… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2014-9912 |
cpe:2.3:a:php:php:5.5.9:* cpe:2.3:a:php:php:5.5.8:* cpe:2.3:a:php:php:5.5.7:* cpe:2.3:a:php:php:5.5.6:* cpe… |
5.3.28 |
2024-11-21 11:21 2017-01-5 |
Show | GitHub Exploit DB Packet Storm | |||
| 147 |
9.8 7.5 |
CRITICAL
Network |
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service … |
CWE-190
Integer Overflow or Wraparound |
CVE-2016-7568 | cpe:2.3:a:php:php:*:* |
7.0.0 5.6.0 |
7.0.11 5.6.26 |
|
|
2024-11-21 11:58 2016-09-29 |
Show | GitHub Exploit DB Packet Storm |
| 148 |
7.5 5.0 |
HIGH
Network |
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service (invalid pointer access and out-of-bounds read) o… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7418 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 149 |
9.8 7.5 |
CRITICAL
Network |
ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type, which allows remote attackers to cause a denial … |
CWE-20
Improper Input Validation |
CVE-2016-7417 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm | |||
| 150 |
7.5 5.0 |
HIGH
Network |
ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale class in the ICU library, which allows remote atta… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-7416 |
cpe:2.3:a:php:php:7.0.9:* cpe:2.3:a:php:php:7.0.8:* cpe:2.3:a:php:php:7.0.7:* cpe:2.3:a:php:php:7.0.6:* cpe… |
5.6.25 |
2024-11-21 11:57 2016-09-18 |
Show | GitHub Exploit DB Packet Storm |