Innovate faster and cut risk with PHP experts from Zend Services.
Explore Services
See How Zend Helps Leading Hosting Providers Keep Their Managed Sites on Secure PHP
Read More
Learn PHP from PHP experts with free, on-demand, and instructor led courses.
Explore Training
Submit support requests and browse self-service resources.
Explore Support
Cross-Site Request Forgery
Reference counting in `php_request_shutdown` causes Use-After-Free.
2025-03-14
Header parser of `http` stream wrapper does not handle folded headers
libxml streams use wrong content-type header when requesting a redirected resource.
Information Disclosure
Streams HTTP wrapper does not fail for headers without colon
Remote Code Execution
Stream HTTP wrapper header check might omit basic auth header
Stream HTTP wrapper truncate redirect location to 1024 bytes
Single byte overread with convert.quoted-printable-decode filter) ORDER BY 1695-- MXbN
2024-11-23
Configuring a proxy in a stream context might allow for CRLF injection in URIs
Integer overflow in the dblib quoter causing OOB writes
Leak partial content of the heap through heap buffer over-read
2024-11-22
