GCVE - cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*

part: a version: 7.2.0 update: *

Vendor	Php (`9aec2613-7a27-5ce5-8ac7-140851d8da4c`)
Product	Php (`38640b93-5029-5cca-a025-ab7d01c98b51`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/php/php-src`	purl2cpe	2026-06-01 10:17:42.513610

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-5712`	vulnerable	2026-06-03 14:38:58.356671	Details available An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. Published: 2018-01-16T09:00:00.000Z Updated: 2024-08-05T05:40:51.160Z Open on db.gcve.eu Reference links https://usn.ubuntu.com/3600-1/ http://www.securitytracker.com/id/1040363 http://www.securityfocus.com/bid/104020 https://access.redhat.com/errata/RHSA-2018:1296 http://php.net/ChangeLog-5.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5711`	vulnerable	2026-06-03 14:38:58.355915	Details available gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1, has an integer signedness error that leads to an infinite loop via a crafted GIF file, as demonstrated by a call to the imagecreatefromgif or imagecreatefromstring PHP function. This is related to GetCode_ and gdImageCreateFromGifCtx. Published: 2018-01-16T09:00:00.000Z Updated: 2024-08-05T05:40:51.271Z Open on db.gcve.eu Reference links https://bugs.php.net/bug.php?id=75571 https://usn.ubuntu.com/3755-1/ https://access.redhat.com/errata/RHSA-2018:1296 http://php.net/ChangeLog-5.php https://lists.debian.org/debian-lts-announce/2019/01/msg00028.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-11756`	not_vulnerable	2026-06-03 14:38:01.878847	Details available In PHP Runtime for Apache OpenWhisk, a Docker action inheriting one of the Docker tags openwhisk/action-php-v7.2:1.0.0 or openwhisk/action-php-v7.1:1.0.1 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation. Published: 2018-07-23T17:00:00.000Z Updated: 2024-09-16T17:03:31.828Z Open on db.gcve.eu Reference links https://github.com/apache/incubator-openwhisk-runtime-php/commit/6caf902f527250ee4b7b695929b628d560e0dad1 https://lists.apache.org/thread.html/439bd5ff5822708c645a0d816ed9914b88c97eda32eae6ea211bc0dc%40%3Cdev.openwhisk.apache.org%3E http://www.securityfocus.com/bid/104915	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.