| CVE | Severity | Type | Subject | Date | Affected Versions | Fixed Products |
|---|---|---|---|---|---|---|
| CVE-2024-2756 | Moderate | Cross-Site Request Forgery | Host/Secure cookie bypass due to partial CVE-2022-31629 fix | 2024-04-12 | 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.5 | ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-2757 | High | Denial of Service | Infinite loop in mb_encode_mimeheader for some inputs | 2024-04-12 | 8.3.0 - 8.3.5 | ZendPHP 8.3 |
| CVE-2024-3096 | Moderate | Privilege Escalation | password_verify can erroneously return true | 2024-04-12 | 5.5.0 - 7.1.33, 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.5 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2024-1874 | Critical | Remote Code Execution | Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows | 2024-02-25 | 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.27, 8.2.0 - 8.2.17, 8.3.0 - 8.3.5 | ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendPHP 8.3 |
| CVE-2023-3823 | Critical | Cross-Site Request Forgery | XML External Entity vector | 2023-08-11 | 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.29, 8.1.0 - 8.1.21, 8.2.0 - 8.2.8 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendServer 2019.1.4, ZendServer 2021.3.2 |
| CVE-2023-3247 | Critical | Cross-Site Request Forgery | Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP | 2023-06-08 | 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.28, 8.1.0 - 8.1.19, 8.2.0 - 8.2.6 | ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendServer 2019.1.4, ZendServer 2021.3.2 |
| CVE-2023-0662 | Critical | Cross-Site Request Forgery | DOS vulnerability when parsing multipart request body | 2023-02-14 | 7.1.0 - 7.1.33, 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.27, 8.1.0 - 8.1.15, 8.2.0 - 8.2.2 | ZendPHP 7.1, ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2, ZendServer 9.1.16, ZendServer 2019.1.3, ZendServer 2021.3.1 |
| CVE-2022-31631 | Low | SQL Injection | CVE-2022-31631 php: PDO::quote() may return unquoted string due to an integer overflow | 2023-01-05 | 7.0.0 - 7.4.33, 8.0.0 - 8.0.26, 8.1.0 - 8.1.13, 8.2.0 | ZendPHP 7.1, ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendPHP 8.2 |
| CVE-2022-31630 | Critical | Cross-Site Request Forgery | CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont() | 2022-10-27 | 7.4.0 - 7.4.32, 8.0.0 - 8.0.24, 8.1.0 - 8.1.11 | ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendServer 2021.3.0 |
| CVE-2022-31628 | Moderate | Remote Code Execution | CVE-2022-31628 php: phar wrapper can produce a denial of service when using quine gzip file | 2022-09-29 | 5.6.0 - 5.6.40, 7.1.0 - 7.1.33, 7.2.0 - 7.2.34, 7.3.0 - 7.3.33, 7.4.0 - 7.4.30, 8.0.0 - 8.0.23, 8.1.0 - 8.1.10 | ZendPHP 5.6, ZendPHP 7.1, ZendPHP 7.2, ZendPHP 7.3, ZendPHP 7.4, ZendPHP 8.0, ZendPHP 8.1, ZendServer 8.1.20, ZendServer 9.1.15, ZendServer 2019.1.2, ZendServer 2021.3.0 |