Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
31 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
32 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
33 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
34 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
35 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
36 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
37 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
38 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
39 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
40 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
41 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
42 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
43 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
44 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
45 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
46 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
47 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
48 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
49 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
50 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
51 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
52 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
53 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
54 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
55 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
56 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
57 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
58 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
59 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
60 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
61 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
62 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
63 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
64 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
65 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
66 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
67 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
68 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
69 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
70 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
71 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
72 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
73 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
74 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
31 6.5
6.4 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually use… CWE-326
Inadequate Encryption Strength 		CVE-2020-7069 cpe:2.3:a:php:php:*:* 7.4.0
7.3.0
7.2.0



7.4.11
7.3.23
7.2.34 		2024-11-21 14:36
2020-10-3 		Show GitHub Exploit DB Packet Storm
32 3.6
3.3 		LOW
Local 		In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which … CWE-416
 Use After Free 		CVE-2020-7068 cpe:2.3:a:php:php:*:* 7.4.0
7.3.0
7.2.0



7.4.9
7.3.21
7.2.33 		2024-11-21 14:36
2020-09-10 		Show GitHub Exploit DB Packet Storm
33 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to alloca… CWE-190
 Integer Overflow or Wraparound 		CVE-2019-11048 cpe:2.3:a:php:php:*:* 7.2.0
7.4.0
7.3.0



7.2.31
7.4.6
7.3.18 		2024-11-21 13:20
2020-05-20 		Show GitHub Exploit DB Packet Storm
34 7.5
5.0 		HIGH
Network 		In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocate… CWE-125
Out-of-bounds Read 		CVE-2020-7067 cpe:2.3:a:php:php:*:* 7.4.0
7.3.0
7.2.0



7.4.5
7.3.17
7.2.30 		2024-11-21 14:36
2020-04-28 		Show GitHub Exploit DB Packet Storm
35 4.3
4.3 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently trunc… NVD-CWE-Other
CVE-2020-7066 cpe:2.3:a:php:php:*:* 7.3.0
7.2.0
7.4.0



7.3.16
7.2.29
7.4.4 		2024-11-21 14:36
2020-04-1 		Show GitHub Exploit DB Packet Storm
36 8.8
6.8 		HIGH
Network 		In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. Thi… CWE-787
 Out-of-bounds Write 		CVE-2020-7065 cpe:2.3:a:php:php:*:* 7.3.0
7.4.0

7.3.16
7.4.4 		2024-11-21 14:36
2020-04-1 		Show GitHub Exploit DB Packet Storm
37 5.4
5.8 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of… CWE-125
Out-of-bounds Read 		CVE-2020-7064 cpe:2.3:a:php:php:*:* 7.3.0
7.2.0
7.4.0



7.3.16
7.2.29
7.4.4 		2024-11-21 14:36
2020-04-1 		Show GitHub Exploit DB Packet Storm
38 5.3
5.0 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (06… CWE-281
 Improper Preservation of Permissions 		CVE-2020-7063 cpe:2.3:a:php:php:*:* 7.2.0
7.3.0
7.4.0 		7.2.27
7.3.14
7.4.2



2024-11-21 14:36
2020-02-28 		Show GitHub Exploit DB Packet Storm
39 7.5
4.3 		HIGH
Network 		In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set … CWE-476
 NULL Pointer Dereference 		CVE-2020-7062 cpe:2.3:a:php:php:*:* 7.2.0
7.3.0
7.4.0 		7.2.27
7.3.14
7.4.2



2024-11-21 14:36
2020-02-28 		Show GitHub Exploit DB Packet Storm
40 9.1
6.4 		CRITICAL
Network 		In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated … CWE-125
Out-of-bounds Read 		CVE-2020-7061 cpe:2.3:a:php:php:*:* 7.2.0
7.3.0
7.4.0 		7.2.27
7.3.14
7.4.2



2024-11-21 14:36
2020-02-28 		Show GitHub Exploit DB Packet Storm