| CVE-2024-11235 |
|
Cross-Site Request Forgery |
Reference counting in `php_request_shutdown` causes Use-After-Free. |
2025-03-14 |
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 8.3
ZendPHP 8.4
|
| CVE-2025-1217 |
|
Cross-Site Request Forgery |
Header parser of `http` stream wrapper does not handle folded headers |
2025-03-14 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1219 |
|
Cross-Site Request Forgery |
libxml streams use wrong content-type header when requesting a redirected resource. |
2025-03-14 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1734 |
|
Information Disclosure |
Streams HTTP wrapper does not fail for headers without colon |
2025-03-14 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1736 |
|
Remote Code Execution |
Stream HTTP wrapper header check might omit basic auth header |
2025-03-14 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2025-1861 |
|
Cross-Site Request Forgery |
Stream HTTP wrapper truncate redirect location to 1024 bytes |
2025-03-14 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.27
8.3.0-8.3.18
8.4.0-8.4.4
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendPHP 8.4
ZendServer 2021.4.2
|
| CVE-2024-11233 |
|
Cross-Site Request Forgery |
Single byte overread with convert.quoted-printable-decode filter) ORDER BY 1695-- MXbN |
2024-11-23 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.4.1
|
| CVE-2024-11234 |
|
Cross-Site Request Forgery |
Configuring a proxy in a stream context might allow for CRLF injection in URIs |
2024-11-23 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.4.1
|
| CVE-2024-11236 |
|
Cross-Site Request Forgery |
Integer overflow in the dblib quoter causing OOB writes |
2024-11-23 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.4.1
|
| CVE-2024-8929 |
|
Remote Code Execution |
Leak partial content of the heap through heap buffer over-read |
2024-11-22 |
7.2.0-7.2.34
7.3.0-7.3.33
7.4.0-7.4.33
8.0.0-8.0.30
8.1.0-8.1.31
8.2.0-8.2.26
8.3.0-8.3.14
|
ZendPHP 7.2
ZendPHP 7.3
ZendPHP 7.4
ZendPHP 8.0
ZendPHP 8.1
ZendPHP 8.2
ZendPHP 8.3
ZendServer 2021.4.1
|
