CVE-2018-5712

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2018-5712
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5712.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-5712
Downstream
Related
Published
2018-01-16T09:29:00Z
Modified
2025-10-15T04:34:29Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Last affected
2d16947f209c40fa4cccc56833aa0807790d52b8
Introduced
60fffd296abce5fc071f3c173c25a2696cf683c6
Last affected
532aa2d2aeb4a1f590f30d4063445473182f9a38
Last affected
6f21492505dd554667f70884b46802f2fb81c210
Last affected
8148cbb78841c8ec0759c0836e7f35dec799d300