PHP Security Center | Zend by Perforce

CVE	Type	Subject	Date	Affected Versions	Fixed Products
CVE-2023-3823	XML eXternal Entity injection	XML External Entity vector	2023-08-11	7.2.0 - 7.2.34 7.3.0 - 7.3.33 7.4.0 - 7.4.33 8.0.0 - 8.0.29 8.1.0 - 8.1.21 8.2.0 - 8.2.8	ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendServer 2019.1.4 ZendServer 2021.3.2
CVE-2023-3247	Information Disclosure	Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP	2023-06-08	7.2.0-7.2.34 7.3.0-7.3.33 7.4.0-7.4.33 8.0.0-8.0.28 8.1.0-8.1.19 8.2.0-8.2.6	ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendServer 2019.1.4 ZendServer 2021.3.2
CVE-2023-0662	Denial of Service	DOS vulnerability when parsing multipart request body	2023-02-14	7.1.0-7.1.33 7.2.0-7.2.34 7.3.0-7.3.33 7.4.0-7.4.33 8.0.0-8.0.27 8.1.0-8.1.15 8.2.0-8.2.2	ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2 ZendServer 9.1.16 ZendServer 2019.1.3 ZendServer 2021.3.1
CVE-2022-31631	SQL Injection	CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow	2023-01-05	7.0.0 - 7.4.33 8.0.0 - 8.0.26 8.1.0 - 8.1.13 8.2.0	ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendPHP 8.2
CVE-2022-31630	Information Disclosure	CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont()	2022-10-27	7.4.0 - 7.4.32 8.0.0 - 8.0.24 8.1.0 - 8.1.11	ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 2021.3.0
CVE-2022-31628	Denial of Service	CVE-2022-31628 php: phar wrapper can produce a denial of service when using quine gzip file	2022-09-29	5.6.0 - 5.6.40 7.1.0 - 7.1.33 7.2.0 - 7.2.34 7.3.0 - 7.3.33 7.4.0 - 7.4.30 8.0.0 - 8.0.23 8.1.0 - 8.1.10	ZendPHP 5.6 ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 8.1.20 ZendServer 9.1.15 ZendServer 2019.1.2 ZendServer 2021.3.0
CVE-2022-31629	Cross-Site Request Forgery	CVE-2022-31629 php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications	2022-09-29	5.6.0 - 5.6.40 7.1.0 - 7.1.33 7.2.0 - 7.2.34 7.3.0 - 7.3.33 7.4.0 - 7.4.30 8.0.0 - 8.0.23 8.1.0 - 8.1.10	ZendPHP 5.6 ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 8.5.20 ZendServer 9.1.15 ZendServer 2019.1.2 ZendServer 2021.3.0
CVE-2022-31627	Information Disclosure	CVE-2022-31627 php: heap buffer overflow in finfo_buffer	2022-07-08	8.1.0 - 8.1.7	ZendPHP 8.1
CVE-2022-31625	Remote Code Execution	CVE-2022-31625 php: uninitialized array in pg_query_params() leading to RCE	2022-05-16	5.6.0 - 5.6.40 7.1.0 - 7.1.33 7.2.0 - 7.2.34 7.3.0 - 7.3.33 7.4.0 - 7.4.29 8.0.0 - 8.0.19 8.1.0 - 8.1.6	ZendPHP 5.6 ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 8.5.19 ZendServer 9.1.14 ZendServer 2019.1.1 ZendServer 2021.2.0
CVE-2022-31626	Remote Code Execution	CVE-2022-31626 php: password of excessive length triggers buffer overflow leading to RCE	2022-05-16	5.6.0 - 5.6.40 7.1.0 - 7.1.33 7.2.0 - 7.2.34 7.3.0 - 7.3.33 7.4.0 - 7.4.29 8.0.0 - 8.0.19 8.1.0 - 8.1.6	ZendPHP 5.6 ZendPHP 7.1 ZendPHP 7.2 ZendPHP 7.3 ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 8.5.19 ZendServer 9.1.14 ZendServer 2019.1.1 ZendServer 2021.2.0