|Max CVSS||10.0||Min CVSS||4.3||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
|18-01-2018 - 02:29||10-02-2012 - 20:55|
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
|22-12-2017 - 02:29||20-07-2012 - 10:40|
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a
|11-10-2013 - 03:34||30-08-2012 - 22:55|