Software Detail

Software Informaton Top

Programming

Software Detail

PHP

Number Of NVD

689

CRITICAL

119

HIGH

257

MEDIUM

287

LOW

URL	https://www.php.net/
Explanation	It is an open source programming language used around the world as a development language for web applications. It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops. Today, it can be used as a general-purpose scripting language for applications other than web applications. It is a popular language among programming beginners because it is easy to learn. It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).

Add Information URL

No	Type	Name	URL
1			https://www.php.net/supported-versions.php
2			https://www.php.net/downloads.php
3			https://www.php.net/eol.php
4			https://github.com/php/php-src

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Critical	High	Medium	Low
661	PHP8.3	8.3.28	Nov. 20, 2025	June 6, 2024	Dec. 31, 2025	Dec. 31, 2027	2	3	2	0
662	PHP8.2	8.2.29	July 3, 2025	Dec. 8, 2022	Dec. 31, 2024	Dec. 31, 2026	3	6	4	0
663	PHP8.1	8.1.33	July 3, 2025	Nov. 25, 2021	Nov. 25, 2023	Nov. 25, 2024	6	10	6	0
664	PHP8.0	8.0.30	Aug. 3, 2023	Nov. 26, 2020	Nov. 26, 2022	Nov. 26, 2023	6	9	11	0
665	PHP7.4	7.4.33	Nov. 3, 2022	Nov. 28, 2019	Nov. 28, 2021	Nov. 28, 2022	9	10	19	1
666	PHP7.3	7.3.33	Nov. 18, 2021	Dec. 6, 2018	Dec. 6, 2020	Dec. 6, 2021	19	17	21	1
667	PHP7.2	7.2.34	Oct. 1, 2020	Nov. 30, 2017	Nov. 30, 2019	Nov. 30, 2020	20	21	21	1
668	PHP7.1	7.1.33	Dec. 1, 2019	Dec. 1, 2016	Dec. 1, 2018	Dec. 1, 2019	30	36	10	0
669	PHP7.0	7.0.33	Dec. 6, 2018	Dec. 3, 2015	Dec. 3, 2017	Dec. 3, 2018	76	60	14	0
670	PHP5.6	5.6.40	Dec. 31, 2018	Aug. 28, 2014	Jan. 19, 2017	Dec. 31, 2018	77	95	41	1
671	PHP6.0	6.0			Jan. 1, 2000		4	8	5	0
672	PHP5.6	5.6.9			Jan. 1, 2000		77	95	41	1
673	PHP5.5	5.5.9			Jan. 1, 2000		72	98	67	3
674	PHP5.4	5.4.9			Jan. 1, 2000		61	103	74	4
675	PHP5.3	5.3.9			Jan. 1, 2000		62	110	134	4
676	PHP5.2	5.2.9			Jan. 1, 2000		63	156	184	7
677	PHP5.1	5.1.6			Jan. 1, 2000		63	150	150	19
678	PHP5.0	5.0.5			Jan. 1, 2000		63	154	157	14
679	PHP4.4	4.4.9			Jan. 1, 2000		62	149	164	20
680	PHP4.3	4.3.9			Jan. 1, 2000		62	158	164	15
681	PHP4.2	4.2.4			Jan. 1, 2000		62	157	166	15
682	PHP4.1	4.1.3			Jan. 1, 2000		62	159	163	15
683	PHP4.0	4.0.7			Jan. 1, 2000		62	161	168	17
684	PHP3.0	3.0.9			Jan. 1, 2000		61	136	140	6
685	PHP2.0b10	2.0b10			Jan. 1, 2000		61	124	132	6
686	PHP2.0	2.0.2			Jan. 1, 2000		61	124	132	6
687	PHP1.5	1.5			Jan. 1, 2000		61	120	131	6
688	PHP1.4	1.4			Jan. 1, 2000		61	120	131	6
689	PHP1.3	1.3.5			Jan. 1, 2000		61	120	131	6
690	PHP1.2	1.2.5			Jan. 1, 2000		61	120	131	6
691	PHP1.1	1.1.1			Jan. 1, 2000		61	120	131	6
692	PHP1.0	1.0.4			Jan. 1, 2000		61	124	132	6
693	PHP0.91	0.91			Jan. 1, 2000		61	120	131	6
694	PHP0.90	0.90			Jan. 1, 2000		61	120	131	6
695	PHP0.9	0.9.4			Jan. 1, 2000		61	120	131	6
696	PHP0.7	0.7			Jan. 1, 2000		61	120	131	6
697	PHP0.6	0.6			Jan. 1, 2000		61	120	131	6
698	PHP0.5	0.5.3			Jan. 1, 2000		61	120	131	6
699	PHP0.4	0.4			Jan. 1, 2000		61	120	131	6
700	PHP0.3	0.3			Jan. 1, 2000		61	120	131	6
701	PHP0.2	0.2.4			Jan. 1, 2000		61	120	131	6
702	PHP0.11	0.11			Jan. 1, 2000		61	120	131	6
703	PHP0.10	0.10			Jan. 1, 2000		61	120	131	6
704	PHP0.1	0.1.1			Jan. 1, 2000		61	120	131	6

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	or less	Update date Published date	Show Affected	Exploit PoC Search
661	- 7.5	HIGH	The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from…	NVD-CWE-Other	CVE-2003-0863	cpe:2.3:a:php:php:4.3.2:* cpe:2.3:a:php:php:4.3.1:* cpe:2.3:a:php:php:4.3.0:*		2018-10-31 01:25 2003-11-17	Show	GitHub Exploit DB Packet Storm

662	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID pa…	NVD-CWE-Other	CVE-2003-0442	cpe:2.3:a:php:php::	4.3.1	2018-05-3 10:29 2003-07-24	Show	GitHub Exploit DB Packet Storm

663	- 7.5	HIGH	Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments…	NVD-CWE-Other	CVE-2003-0166	cpe:2.3:a:php:php:4.3.1:* cpe:2.3:a:php:php:4.3.0:* cpe:2.3:a:php:php:4.2.3:* cpe:2.3:a:php:php:4.2.2:* cpe…		2018-10-31 01:25 2003-04-2	Show	GitHub Exploit DB Packet Storm

664	- 7.5	HIGH	Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filenam…	NVD-CWE-Other	CVE-2003-0172	cpe:2.3:a:php:php:4.3.1:*		2017-07-11 10:29 2003-04-2	Show	GitHub Exploit DB Packet Storm

665	- 7.5	HIGH	Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_re…	NVD-CWE-Other	CVE-2003-0097	cpe:2.3:a:php:php:4.3.0:*		2018-10-31 01:25 2003-03-3	Show	GitHub Exploit DB Packet Storm

666	- 7.5	HIGH	Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.	NVD-CWE-Other	CVE-2002-1396	cpe:2.3:a:php:php:4.2.3:* cpe:2.3:a:php:php:4.2.2:* cpe:2.3:a:php:php:4.2.1:* cpe:2.3:a:php:php:4.2.0:* cpe…		2018-05-3 10:29 2003-01-17	Show	GitHub Exploit DB Packet Storm

667	- 5.0	MEDIUM	CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_url_fopen is enabled, allows remote attackers to modify HTTP headers for outgoing requests by causing CRLF sequences to be injected…	NVD-CWE-Other	CVE-2002-1783	cpe:2.3:a:php:php:4.2.3:* cpe:2.3:a:php:php:4.2.2:* cpe:2.3:a:php:php:4.2.1:* cpe:2.3:a:php:php:4.2.0:* cpe…		2017-07-11 10:29 2002-12-31	Show	GitHub Exploit DB Packet Storm

668	- 4.3	MEDIUM	Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinf…	NVD-CWE-Other	CVE-2002-1954	cpe:2.3:a:php:php:4.2.3:*		2008-09-6 05:31 2002-12-31	Show	GitHub Exploit DB Packet Storm

669	- 5.0	MEDIUM	The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long "To" header.	NVD-CWE-Other	CVE-2002-2214	cpe:2.3:a:php:php:4.2:* cpe:2.3:a:php:php:4.2.1:* cpe:2.3:a:php:php:4.2.0:*		2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm

670	- 5.0	MEDIUM	The imap_header function in the IMAP functionality for PHP before 4.3.0 allows remote attackers to cause a denial of service via an e-mail message with a large number of "To" addresses, which trigger…	NVD-CWE-Other	CVE-2002-2215	cpe:2.3:a:php:php:4.2:* cpe:2.3:a:php:php:4.2.2:* cpe:2.3:a:php:php:4.2.1:* cpe:2.3:a:php:php:4.2.0:* cpe:2…	4.2.3	2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm