Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
51 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
52 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
53 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
54 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
55 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
56 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
57 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
58 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
59 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
60 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
61 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
62 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
63 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
64 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
65 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
66 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
67 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
68 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
69 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
70 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
71 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
72 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
73 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
74 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
75 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
76 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
77 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
78 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
79 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
80 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
81 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
82 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
83 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
84 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
85 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
86 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
87 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
88 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
89 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
90 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
91 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
92 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
93 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
94 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
51 5.9
4.3 		MEDIUM
Network 		In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to s… CWE-74
Injection 		CVE-2019-11045 cpe:2.3:a:php:php:7.4.0:*
cpe:2.3:a:php:php:*:* 		7.3.0
7.2.0 		7.3.13
7.2.26

2024-11-21 13:20
2019-12-23 		Show GitHub Exploit DB Packet Storm
52 7.5
5.0 		HIGH
Network 		In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Windows, PHP link() function accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead t… NVD-CWE-Other
CVE-2019-11044 cpe:2.3:a:php:php:7.4.0:*
cpe:2.3:a:php:php:*:* 		7.3.0
7.2.0 		7.3.13
7.2.26

2024-11-21 13:20
2019-12-23 		Show GitHub Exploit DB Packet Storm
53 9.8
7.5 		CRITICAL
Network 		SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. CWE-89
SQL Injection 		CVE-2011-1939 cpe:2.3:a:php:php:*:* 5.3.6 2024-11-21 10:27
2019-11-27 		Show GitHub Exploit DB Packet Storm
54 7.5
5.0 		HIGH
Network 		Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c. CWE-125
Out-of-bounds Read 		CVE-2019-19246 cpe:2.3:a:php:php:*:* 7.3.0 7.3.10 2024-11-21 13:34
2019-11-26 		Show GitHub Exploit DB Packet Storm
55 7.5
5.0 		HIGH
Network 		PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlTextWriterWriteAttribute, which are then misparsed by libxml2. This results in memory leak into the resulting output. CWE-772
 Missing Release of Resource after Effective Lifetime 		CVE-2010-4657 cpe:2.3:a:php:php:*:* 5.0.0 5.4.4 2024-11-21 10:21
2019-11-14 		Show GitHub Exploit DB Packet Storm
56 9.8
7.5 		CRITICAL
Network 		In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space … CWE-787
 Out-of-bounds Write 		CVE-2019-11043 cpe:2.3:a:php:php:*:* 7.1.0
7.2.0
7.3.0



7.1.33
7.2.24
7.3.11 		2024-11-21 13:20
2019-10-29 		Show GitHub Exploit DB Packet Storm
57 7.1
5.8 		HIGH
Network 		When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to s… CWE-125
Out-of-bounds Read 		CVE-2019-11042 cpe:2.3:a:php:php:*:* 7.1.0
7.2.0
7.3.0



7.1.31
7.2.21
7.3.8 		2024-11-21 13:20
2019-08-10 		Show GitHub Exploit DB Packet Storm
58 7.1
5.8 		HIGH
Network 		When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to s… CWE-125
Out-of-bounds Read 		CVE-2019-11041 cpe:2.3:a:php:php:*:* 7.1.0
7.2.0
7.3.0



7.1.31
7.2.21
7.3.8 		2024-11-21 13:20
2019-08-10 		Show GitHub Exploit DB Packet Storm
59 7.5
5.0 		HIGH
Network 		main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the address/port were 127.0.0.1:80:443, which is later tr… CWE-20
 Improper Input Validation  		CVE-2017-7189 cpe:2.3:a:php:php:*:* 7.0.0 7.0.16 2024-11-21 12:31
2019-07-11 		Show GitHub Exploit DB Packet Storm
60 9.8
7.5 		CRITICAL
Network 		A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted… CWE-416
 Use After Free 		CVE-2019-13224 cpe:2.3:a:php:php:*:* 7.3.0
7.2.0
7.1.0



7.3.9
7.2.23
7.1.32 		2024-11-21 13:24
2019-07-10 		Show GitHub Exploit DB Packet Storm