CVE-2018-5712

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
phpphp
𝑥
≤ 5.6.32
phpphp
7.0.0 ≤
𝑥
≤ 7.0.26
phpphp
7.1.0 <
𝑥
≤ 7.1.12
phpphp
7.2.0
debiandebian_linux
7.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
php5
bionic
dne
artful
dne
xenial
dne
trusty
Fixed 5.5.9+dfsg-1ubuntu4.23
released
php7.0
bionic
dne
artful
dne
xenial
Fixed 7.0.28-0ubuntu0.16.04.1
released
trusty
dne
php7.1
bionic
dne
artful
Fixed 7.1.15-0ubuntu0.17.10.1
released
xenial
dne
trusty
dne
php7.2
bionic
not-affected
artful
dne
xenial
dne
trusty
dne