Max CVSS 6.4 Min CVSS 2.6 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2014-4721 2.6
The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent
07-01-2017 - 03:00 06-07-2014 - 23:55
CVE-2014-5120 6.4
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1)
26-10-2016 - 02:00 23-08-2014 - 01:55
Back to Top Mark selected
Back to Top