Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
361 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
362 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
363 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
364 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
365 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
366 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
367 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
368 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
369 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
370 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
371 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
372 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
373 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
374 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
375 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
376 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
377 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
378 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
379 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
380 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
381 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
382 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
383 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
384 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
385 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
386 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
387 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
388 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
389 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
390 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
391 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
392 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
393 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
394 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
395 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
396 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
397 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
398 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
399 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
400 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
401 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
402 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
403 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
404 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
361 -
7.5 		HIGH php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging impro… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-2335 cpe:2.3:a:php:php:5.4.2:*
cpe:2.3:a:php:php:5.3.12:* 		2024-11-21 10:38
2012-05-11 		Show GitHub Exploit DB Packet Storm
362 -
5.0 		MEDIUM Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in t… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2012-2329 cpe:2.3:a:php:php:5.4.2:*
cpe:2.3:a:php:php:5.4.1:*
cpe:2.3:a:php:php:5.4.0:* 		2024-11-21 10:38
2012-05-11 		Show GitHub Exploit DB Packet Storm
363 -
7.5 		HIGH sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sig… CWE-89
SQL Injection 		CVE-2012-2311 cpe:2.3:a:php:php:5.4.1:*
cpe:2.3:a:php:php:5.4.0:beta2
cpe:2.3:a:php:php:5.4.0:*
cpe:2.3:a:php:php:5.3.9:* 		5.3.12 2024-11-21 10:38
2012-05-11 		Show GitHub Exploit DB Packet Storm
364 -
5.0 		MEDIUM Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not prop… CWE-399
 Resource Management Errors 		CVE-2012-0789 cpe:2.3:a:php:php:5.3.7:*
cpe:2.3:a:php:php:5.3.6:*
cpe:2.3:a:php:php:5.3.5:*
cpe:2.3:a:php:php:5.3.4:*
cpe… 		5.3.8 2024-11-21 10:35
2012-02-15 		Show GitHub Exploit DB Packet Storm
365 -
5.0 		MEDIUM The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted applica… CWE-20
 Improper Input Validation  		CVE-2012-0788 cpe:2.3:a:php:php:5.3.7:*
cpe:2.3:a:php:php:5.3.6:*
cpe:2.3:a:php:php:5.3.5:*
cpe:2.3:a:php:php:5.3.4:*
cpe… 		5.3.8 2024-11-21 10:35
2012-02-15 		Show GitHub Exploit DB Packet Storm
366 -
6.8 		MEDIUM PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct S… CWE-20
 Improper Input Validation  		CVE-2012-0831 cpe:2.3:a:php:php:*:* 5.3.10 2024-11-21 10:35
2012-02-11 		Show GitHub Exploit DB Packet Storm
367 -
7.5 		HIGH The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handl… CWE-399
 Resource Management Errors 		CVE-2012-0830 cpe:2.3:a:php:php:5.3.9:* 2024-11-21 10:35
2012-02-7 		Show GitHub Exploit DB Packet Storm
368 -
6.4 		MEDIUM PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-0057 cpe:2.3:a:php:php:5.3.7:*
cpe:2.3:a:php:php:5.3.6:*
cpe:2.3:a:php:php:5.3.5:*
cpe:2.3:a:php:php:5.3.4:*
cpe… 		5.3.8 2024-11-21 10:34
2012-02-2 		Show GitHub Exploit DB Packet Storm
369 -
5.0 		MEDIUM The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to… CWE-399
 Resource Management Errors 		CVE-2012-0781 cpe:2.3:a:php:php:5.3.8:* 2024-11-21 10:35
2012-01-19 		Show GitHub Exploit DB Packet Storm
370 -
5.0 		MEDIUM PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via cra… CWE-20
 Improper Input Validation  		CVE-2011-4153 cpe:2.3:a:php:php:5.3.8:* 2024-11-21 10:31
2012-01-19 		Show GitHub Exploit DB Packet Storm