| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-0831 | 6.8 |
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related
|
16-08-2022 - 13:31 | 10-02-2012 - 20:55 | |
| CVE-2012-2688 | 10.0 |
Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."
|
22-12-2017 - 02:29 | 20-07-2012 - 10:40 | |
| CVE-2011-1398 | 4.3 |
The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return characters), which allows remote attackers to bypass an HTTP response-splitting protection mechanism via a
|
11-10-2013 - 03:34 | 30-08-2012 - 22:55 |