| VID |
22966 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The version of PHP installed on the remote host is 7.3.x prior to 7.3.25. It is, therefore, affected by multiple vulnerabilities as specified by the changelogs of the respective fixed releases.
- Core:
Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
- COM:
Fixed bug #62474 (com_event_sink crashes on certain arguments).
- DOM:
Fixed bug #80268 (loadHTML() truncates at NUL bytes).
- IMAP:
Fixed bug #64076 (imap_sort() does not return FALSE on failure).
Fixed bug #76618 (segfault on imap_reopen).
Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
Fixed minor regression caused by fixing bug #80220.
Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
- Intl:
Fixed bug #80310 (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE').
- ODBC:
Fixed bug #44618 (Fetching may rely on uninitialized data).
- SNMP:
Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
- Standard:
Fixed bug #80266 (parse_url silently drops port number 0).
* References:
https://www.php.net/ChangeLog-7.php#7.3.25
* Platforms Affected:
PHP Prior to 7.3.25
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of PHP (7.3.25 or later), available from the PHP web site at http://www.php.net/downloads.php |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
