PHP PHP

Submit a proposal Propose CVE/GCVE/GHSA reference

Approved changes feed: RSS · Atom

cpe:2.3:a:php:php:-:*:*:*:*:*:*:*

part: a version: - update: *

VendorPhp (9aec2613-7a27-5ce5-8ac7-140851d8da4c)
ProductPhp (38640b93-5029-5cca-a025-ab7d01c98b51)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from NVD CPE 2.0 feed

PURL mappings

PURLSourceLast updated
pkg:github/php/php-src purl2cpe 2026-06-01 10:17:42.374326

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2016-7405 not_vulnerable 2026-06-03 14:36:07.404749 Details available
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
Published: 2016-10-03T18:00:00.000Z
Updated: 2024-08-06T01:57:47.607Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-4596 vulnerable 2026-06-03 14:28:18.959570 Details available
The perl extension in PHP does not follow safe_mode restrictions, which allows context-dependent attackers to execute arbitrary code via the Perl eval function. NOTE: this might only be a vulnerability in limited environments.
Published: 2007-08-30T17:00:00.000Z
Updated: 2024-08-07T15:01:09.601Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2007-2728 vulnerable 2026-06-03 14:28:09.256097 Details available
The soap extension in PHP calls php_rand_r with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcrypt_create_iv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue.
Published: 2007-05-16T22:00:00.000Z
Updated: 2024-08-29T16:00:16.501Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.