In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, and 8.4.* a medium severity vulnerability CVE-2025-1735 was detected. This vulnerability is caused by improper error handling in the pgsql and pdo_pgsql escaping functions, which fail to check for errors returned by the underlying quoting mechanisms, potentially leading to crashes if the PostgreSQL server rejects an invalid string. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1735.
In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23 and 8.4.* before 8.4.10 a medium severity vulnerability CVE-2025-6491 was detected. This vulnerability allows attackers to cause a null pointer dereference by parsing XML data with an overly large (>2GB) XML namespace prefix in SOAP extensions, potentially leading to crashes and impacting server availability. To address this issue, users should upgrade PHP to versions 8.1.33, 8.2.29, 8.3.23 or 8.4.10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6491.
In PHP versions from 8.3.0 to before 8.3.19 and from 8.4.0 to before 8.4.5 a critical severity vulnerability CVE-2024-11235 was detected. This vulnerability allows attackers to run code remotely by triggering a memory bug with certain code and inputs. To address this issue, users should upgrade PHP to versions 8.3.19 or 8.4.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11235.
In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1219 was detected. This vulnerability allows incorrect parsing of documents or bypassing of validations due to the wrong content-type header being used to determine the charset during HTTP redirects. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1219.
In PHP versions up to 8.1.31, 8.2.27, 8.3.18 and 8.4.4 a medium severity vulnerability CVE-2025-1734 was detected. This vulnerability allows invalid headers, specifically those missing a colon (:), to be incorrectly treated as valid headers, potentially leading to unexpected behavior or security vulnerabilities such as header injection attacks. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1734.
In PHP versions 8.1.* before 8.1.32, 8.2.* before 8.2.28, 8.3.* before 8.3.19 and 8.4.* before 8.4.5 a medium severity vulnerability CVE-2025-1217 was detected. This vulnerability causes incorrect parsing of folded HTTP headers in the HTTP request module, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1217.
In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, and 8.2.* before 8.2.2 a critical severity vulnerability CVE-2022-31631 was detected. This vulnerability allows attackers to exploit improper quoting in the PDO::quote() function for SQLite, potentially leading to SQL injection when processing overly long strings. Currently, there is no fix version for that issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-31631.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a critical severity vulnerability CVE-2024-8932 was detected. This vulnerability allows attackers to cause an integer overflow through uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write. To address this issue, users must upgrade to PHP versions 8.1.31, 8.2.26 or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8932.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a medium severity vulnerability CVE-2024-8929 was detected. This vulnerability allows attackers to exploit a malicious MySQL server to force the PHP client to reveal sensitive data from its memory, including information from other users. To address this issue, users must upgrade to PHP versions 8.1.31 or later, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8929.