Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
PHP Number Of NVD 689 CRITICAL 119 HIGH 257 MEDIUM 287 LOW 26
URL https://www.php.net/
Explanation It is an open source programming language used around the world as a development language for web applications.
It is developed by "The PHP Group" and is used in many open source web applications such as WordPress and Xoops.
Today, it can be used as a general-purpose scripting language for applications other than web applications.
It is a popular language among programming beginners because it is easy to learn.

It has become one of the open source combinations called LAMP (Linux, Apache, MySQL [MariaDB], PHP).
Add Information URL
No Type Name URL
1 https://www.php.net/supported-versions.php
2 https://www.php.net/downloads.php
3 https://www.php.net/eol.php
4 https://github.com/php/php-src
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
81 PHP8.3 8.3.28 Nov. 20, 2025 June 6, 2024 Dec. 31, 2025 Dec. 31, 2027 2 3 2 0
82 PHP8.2 8.2.29 July 3, 2025 Dec. 8, 2022 Dec. 31, 2024 Dec. 31, 2026 3 6 4 0
83 PHP8.1 8.1.33 July 3, 2025 Nov. 25, 2021 Nov. 25, 2023 Nov. 25, 2024 6 10 6 0
84 PHP8.0 8.0.30 Aug. 3, 2023 Nov. 26, 2020 Nov. 26, 2022 Nov. 26, 2023 6 9 11 0
85 PHP7.4 7.4.33 Nov. 3, 2022 Nov. 28, 2019 Nov. 28, 2021 Nov. 28, 2022 9 10 19 1
86 PHP7.3 7.3.33 Nov. 18, 2021 Dec. 6, 2018 Dec. 6, 2020 Dec. 6, 2021 19 17 21 1
87 PHP7.2 7.2.34 Oct. 1, 2020 Nov. 30, 2017 Nov. 30, 2019 Nov. 30, 2020 20 21 21 1
88 PHP7.1 7.1.33 Dec. 1, 2019 Dec. 1, 2016 Dec. 1, 2018 Dec. 1, 2019 30 36 10 0
89 PHP7.0 7.0.33 Dec. 6, 2018 Dec. 3, 2015 Dec. 3, 2017 Dec. 3, 2018 76 60 14 0
90 PHP5.6 5.6.40 Dec. 31, 2018 Aug. 28, 2014 Jan. 19, 2017 Dec. 31, 2018 77 95 41 1
91 PHP6.0 6.0 Jan. 1, 2000 4 8 5 0
92 PHP5.6 5.6.9 Jan. 1, 2000 77 95 41 1
93 PHP5.5 5.5.9 Jan. 1, 2000 72 98 67 3
94 PHP5.4 5.4.9 Jan. 1, 2000 61 103 74 4
95 PHP5.3 5.3.9 Jan. 1, 2000 62 110 134 4
96 PHP5.2 5.2.9 Jan. 1, 2000 63 156 184 7
97 PHP5.1 5.1.6 Jan. 1, 2000 63 150 150 19
98 PHP5.0 5.0.5 Jan. 1, 2000 63 154 157 14
99 PHP4.4 4.4.9 Jan. 1, 2000 62 149 164 20
100 PHP4.3 4.3.9 Jan. 1, 2000 62 158 164 15
101 PHP4.2 4.2.4 Jan. 1, 2000 62 157 166 15
102 PHP4.1 4.1.3 Jan. 1, 2000 62 159 163 15
103 PHP4.0 4.0.7 Jan. 1, 2000 62 161 168 17
104 PHP3.0 3.0.9 Jan. 1, 2000 61 136 140 6
105 PHP2.0b10 2.0b10 Jan. 1, 2000 61 124 132 6
106 PHP2.0 2.0.2 Jan. 1, 2000 61 124 132 6
107 PHP1.5 1.5 Jan. 1, 2000 61 120 131 6
108 PHP1.4 1.4 Jan. 1, 2000 61 120 131 6
109 PHP1.3 1.3.5 Jan. 1, 2000 61 120 131 6
110 PHP1.2 1.2.5 Jan. 1, 2000 61 120 131 6
111 PHP1.1 1.1.1 Jan. 1, 2000 61 120 131 6
112 PHP1.0 1.0.4 Jan. 1, 2000 61 124 132 6
113 PHP0.91 0.91 Jan. 1, 2000 61 120 131 6
114 PHP0.90 0.90 Jan. 1, 2000 61 120 131 6
115 PHP0.9 0.9.4 Jan. 1, 2000 61 120 131 6
116 PHP0.7 0.7 Jan. 1, 2000 61 120 131 6
117 PHP0.6 0.6 Jan. 1, 2000 61 120 131 6
118 PHP0.5 0.5.3 Jan. 1, 2000 61 120 131 6
119 PHP0.4 0.4 Jan. 1, 2000 61 120 131 6
120 PHP0.3 0.3 Jan. 1, 2000 61 120 131 6
121 PHP0.2 0.2.4 Jan. 1, 2000 61 120 131 6
122 PHP0.11 0.11 Jan. 1, 2000 61 120 131 6
123 PHP0.10 0.10 Jan. 1, 2000 61 120 131 6
124 PHP0.1 0.1.1 Jan. 1, 2000 61 120 131 6
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
81 7.5
5.0 		HIGH
Network 		ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument t… CWE-476
 NULL Pointer Dereference 		CVE-2018-19935 cpe:2.3:a:php:php:*:* 7.2.0
7.0.0
7.1.0
5.6.0





7.2.14
7.0.33
7.1.26
5.6.39 		2024-11-21 12:58
2018-12-7 		Show GitHub Exploit DB Packet Storm
82 8.8
6.5 		HIGH
Network 		An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent u… CWE-94
Code Injection 		CVE-2018-19520 cpe:2.3:a:php:php:*:* 5.0.0 5.6.38 2024-11-21 12:58
2018-11-26 		Show GitHub Exploit DB Packet Storm
83 7.5
8.5 		HIGH
Network 		University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_a… CWE-88
Argument Injection 		CVE-2018-19518 cpe:2.3:a:php:php:*:* 5.6.0
7.2.0
7.1.0
7.0.0 		5.6.38
7.2.12
7.1.24
7.0.32





2024-11-21 12:58
2018-11-25 		Show GitHub Exploit DB Packet Storm
84 7.5
5.0 		HIGH
Network 		ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class. CWE-502
 Deserialization of Untrusted Data 		CVE-2018-19396 cpe:2.3:a:php:php:*:* 5.0.0 7.1.24 2024-11-21 12:57
2018-11-21 		Show GitHub Exploit DB Packet Storm
85 7.5
5.0 		HIGH
Network 		ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL … CWE-476
 NULL Pointer Dereference 		CVE-2018-19395 cpe:2.3:a:php:php:*:* 5.0.0 7.1.24 2024-11-21 12:57
2018-11-21 		Show GitHub Exploit DB Packet Storm
86 6.1
4.3 		MEDIUM
Network 		The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket bri… CWE-79
Cross-site Scripting 		CVE-2018-17082 cpe:2.3:a:php:php:*:* 7.0.0

7.1.0
7.2.0





7.0.32
5.6.38
7.1.22
7.2.10 		2024-11-21 12:53
2018-09-17 		Show GitHub Exploit DB Packet Storm
87 7.5
5.0 		HIGH
Network 		An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn't implement the ope… CWE-200
Information Exposure 		CVE-2018-15132 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0

7.0.0





7.2.8
7.1.20
5.6.37
7.0.31 		2024-11-21 12:50
2018-08-8 		Show GitHub Exploit DB Packet Storm
88 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ex… CWE-476
 NULL Pointer Dereference 		CVE-2018-14884 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0
7.0.0



7.2.1
7.1.13
7.0.27 		2024-11-21 12:50
2018-08-3 		Show GitHub Exploit DB Packet Storm
89 7.5
5.0 		HIGH
Network 		An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of… CWE-125
CWE-190
Out-of-bounds Read
 Integer Overflow or Wraparound 		CVE-2018-14883 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0

7.0.0





7.2.8
7.1.20
5.6.37
7.0.31 		2024-11-21 12:50
2018-08-3 		Show GitHub Exploit DB Packet Storm
90 5.5
4.3 		MEDIUM
Local 		exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bo… CWE-125
Out-of-bounds Read 		CVE-2018-14851 cpe:2.3:a:php:php:*:* 7.2.0
7.1.0
7.0.0


5.6.36


7.2.8
7.1.20
7.0.31
 2024-11-21 12:49
2018-08-3 		Show GitHub Exploit DB Packet Storm