Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
621 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
622 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
623 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
624 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
625 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
626 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
627 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
628 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
629 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
630 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
631 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
632 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
633 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
634 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
635 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
636 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
637 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
638 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
639 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
640 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
641 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
642 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
643 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
644 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
645 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
646 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
647 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
648 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
649 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
650 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
651 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
652 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
653 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
654 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
655 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
656 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
657 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
658 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
659 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
660 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
661 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
662 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
663 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
664 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
621 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large numb… CWE-79
Cross-site Scripting 		CVE-2006-0996 cpe:2.3:a:php:php:5.1.2:*
cpe:2.3:a:php:php:4.4.2:* 		2017-10-11 10:30
2006-04-11 		Show GitHub Exploit DB Packet Storm
622 -
5.0 		MEDIUM PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the enco… NVD-CWE-Other
CVE-2006-1490 cpe:2.3:a:php:php:5.1.2:*
cpe:2.3:a:php:php:5.1.1:*
cpe:2.3:a:php:php:5.1.0:*
cpe:2.3:a:php:php:5.0:rc3
cpe… 		2023-11-7 10:58
2006-03-30 		Show GitHub Exploit DB Packet Storm
623 -
3.2 		LOW Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, … NVD-CWE-Other
CVE-2006-1014 cpe:2.3:a:php:php:5.1.0:*
cpe:2.3:a:php:php:5.0:rc3
cpe:2.3:a:php:php:5.0:rc2
cpe:2.3:a:php:php:5.0:rc1
cpe… 		2018-10-19 01:30
2006-03-7 		Show GitHub Exploit DB Packet Storm
624 -
6.4 		MEDIUM Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, al… NVD-CWE-Other
CVE-2006-1015 cpe:2.3:a:php:php:5.1.2:*
cpe:2.3:a:php:php:5.1.1:*
cpe:2.3:a:php:php:5.1.0:*
cpe:2.3:a:php:php:5.0:rc3
cpe… 		2018-10-31 01:25
2006-03-7 		Show GitHub Exploit DB Packet Storm
625 -
9.3 		HIGH The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-control… NVD-CWE-Other
CVE-2006-1017 cpe:2.3:a:php:php:5.1.4:*
cpe:2.3:a:php:php:5.1.3:*
cpe:2.3:a:php:php:5.1.2:*
cpe:2.3:a:php:php:5.1.1:*
cpe… 		2018-10-31 01:25
2006-03-7 		Show GitHub Exploit DB Packet Storm
626 -
9.3 		HIGH Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL … CWE-134
Use of Externally-Controlled Format String 		CVE-2006-0200 cpe:2.3:a:php:php:5.1.1:*
cpe:2.3:a:php:php:5.1.0:* 		2018-10-31 01:25
2006-01-14 		Show GitHub Exploit DB Packet Storm
627 -
5.0 		MEDIUM Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/se… CWE-94
Code Injection 		CVE-2006-0207 cpe:2.3:a:php:php:5.1.1:*
cpe:2.3:a:php:php:5.1.0:*
cpe:2.3:a:php:php:5.0:rc3
cpe:2.3:a:php:php:5.0:rc2
cpe… 		2018-10-31 01:25
2006-01-14 		Show GitHub Exploit DB Packet Storm
628 -
2.6 		LOW Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP… CWE-79
Cross-site Scripting 		CVE-2006-0208 cpe:2.3:a:php:php:5.1.1:*
cpe:2.3:a:php:php:5.1.0:*
cpe:2.3:a:php:php:5.0.5:*
cpe:2.3:a:php:php:5.0.4:*
cpe… 		2018-10-31 01:25
2006-01-14 		Show GitHub Exploit DB Packet Storm
629 -
7.5 		HIGH Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) … CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2006-0097 cpe:2.3:a:php:php:4.4.2:*
cpe:2.3:a:php:php:4.4.1:*
cpe:2.3:a:php:php:4.4.0:*
cpe:2.3:a:php:php:4.3.10:* 		2018-10-20 00:42
2006-01-6 		Show GitHub Exploit DB Packet Storm
630 -
5.0 		MEDIUM CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument. NVD-CWE-Other
CVE-2005-3883 cpe:2.3:a:php:php:5.0:rc3
cpe:2.3:a:php:php:5.0:rc2
cpe:2.3:a:php:php:5.0:rc1
cpe:2.3:a:php:php:5.0.5:*
cpe… 		2018-10-31 01:25
2005-11-29 		Show GitHub Exploit DB Packet Storm