CVE-2018-5712
16.01.2018, 09:29
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| php | php | 𝑥 ≤ 5.6.32 |
| php | php | 7.0.0 ≤ 𝑥 ≤ 7.0.26 |
| php | php | 7.1.0 < 𝑥 ≤ 7.1.12 |
| php | php | 7.2.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| php |
| ||
| php-bcmath |
| ||
| php-cli |
| ||
| php-common |
| ||
| php-dba |
| ||
| php-devel |
| ||
| php-embedded |
| ||
| php-enchant |
| ||
| php-fpm |
| ||
| php-gd |
| ||
| php-intl |
| ||
| php-ldap |
| ||
| php-mbstring |
| ||
| php-mysql |
| ||
| php-mysqlnd |
| ||
| php-odbc |
| ||
| php-pdo |
| ||
| php-pgsql |
| ||
| php-process |
| ||
| php-pspell |
| ||
| php-recode |
| ||
| php-snmp |
| ||
| php-soap |
| ||
| php-xml |
| ||
| php-xmlrpc |
|
References