Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • DevOps
  • Web Development

Web Development

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    31 Mar 2025 DevOps
    PHP: Incorrect Parsing of Folded HTTP Headers

    In PHP versions 8.1.* before 8.1.32, 8.2.* before 8.2.28, 8.3.* before 8.3.19 and 8.4.* before 8.4.5 a medium severity vulnerability CVE-2025-1217 was detected. This vulnerability causes incorrect parsing of folded HTTP headers in the HTTP request module, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. To address this issue, users should upgrade PHP to versions 8.1.32, 8.2.28, 8.3.19, 8.4.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1217.

    Read more
    Web Development
    17 Jan 2025 DevOps
    PHP: SQL Injection Vulnerability via Improper Quoting in PDO for SQLite

    In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, and 8.2.* before 8.2.2 a critical severity vulnerability CVE-2022-31631 was detected. This vulnerability allows attackers to exploit improper quoting in the PDO::quote() function for SQLite, potentially leading to SQL injection when processing overly long strings. Currently, there is no fix version for that issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-31631.

    Read more
    Web Development
    29 Nov 2024 DevOps
    PHP: Integer Overflow Vulnerability in ldap_escape()

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a critical severity vulnerability CVE-2024-8932 was detected. This vulnerability allows attackers to cause an integer overflow through uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write. To address this issue, users must upgrade to PHP versions 8.1.31, 8.2.26 or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8932.

    Read more
    Web Development
    29 Nov 2024 DevOps
    PHP: Heap Data Disclosure via Hostile MySQL Server

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a medium severity vulnerability CVE-2024-8929 was detected. This vulnerability allows attackers to exploit a malicious MySQL server to force the PHP client to reveal sensitive data from its memory, including information from other users. To address this issue, users must upgrade to PHP versions 8.1.31 or later, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8929.

    Read more
    Web Development
    26 Nov 2024 DevOps
    PHP: HTTP Request Smuggling Vulnerability in Proxy Configurations

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a medium severity vulnerability CVE-2024-11234 was detected. This vulnerability allows attackers to perform HTTP request smuggling due to improper sanitization of the URI when using streams with a proxy and the “request_fulluri” option. This could allow attackers to send arbitrary requests from the server, potentially accessing restricted resources. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11234.

    Read more
    Web Development
    26 Nov 2024 DevOps
    PHP: Buffer Overread Vulnerability in decode Filter

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14 a medium severity vulnerability CVE-2024-11233 was detected. This vulnerability allows attackers to exploit an error in the convert.quoted-printable-decode filter, leading to a buffer overread by one byte. In certain cases, this can cause crashes or disclose content from other memory areas. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11233.

    Read more
    Web Development
    25 Nov 2024 DevOps
    PHP: Integer Overflow Vulnerability Risk

    In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26 and 8.3.* before 8.3.14 a critical severity vulnerability CVE-2024-11236 was detected. This vulnerability allows attackers to exploit long string inputs to cause system crashes or execute malicious actions. To fix this issue, users should upgrade PHP to versions 8.1.31, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11236.

    Read more
    Web Development
    10 Oct 2024 DevOps
    PHP: Command Injection Vulnerability in Windows Codepages

    In PHP versions 8.1 to 8.1.30, 8.2 to 8.2.24, and 8.3 to 8.3.12 a high severity vulnerability related to command injection CVE-2024-8926 was detected. This vulnerability allows attackers to exploit certain non-standard configurations of Windows codepages, potentially enabling them to pass options to the PHP binary being executed. This may result in revealing the source code of scripts or running arbitrary PHP code on the server. To fix this issue, users must upgrade to 8.1.30, 8.2.24, or 8.3.12 versions. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8926.

    Read more
    Web Development
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}