CVE-2018-5712
- Source
- https://cve.org/CVERecord?id=CVE-2018-5712
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-5712.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2018-5712
- Downstream
- Related
- Published
- 2018-01-16T09:29:00.623Z
- Modified
- 2026-04-11T12:09:26.445998Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
- Database specific
{ "unresolved_ranges": [ { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "12.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "14.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "16.04" } ] }, { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "last_affected": "17.10" } ] } ] }- References
-
- https://www.oracle.com/security-alerts/cpuapr2020.html
- http://php.net/ChangeLog-5.php
- http://php.net/ChangeLog-7.php
- http://www.securityfocus.com/bid/102742
- http://www.securityfocus.com/bid/104020
- http://www.securitytracker.com/id/1040363
- https://access.redhat.com/errata/RHSA-2018:1296
- https://access.redhat.com/errata/RHSA-2019:2519
- https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html
- https://usn.ubuntu.com/3566-1/
- https://usn.ubuntu.com/3600-1/
- https://usn.ubuntu.com/3600-2/
- https://bugs.php.net/bug.php?id=74782
Affected packages
Git / github.com/php/php-src
Affected ranges
- Type
- GIT
- Repo
- https://github.com/php/php-src
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedIntroducedLast affected
- Database specific
{ "cpe": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", "cpe:2.3:a:php:php:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" ], "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "5.6.32" }, { "last_affected": "7.1.12" }, { "last_affected": "7.2.0" }, { "last_affected": "7.0" }, { "introduced": "7.0.0" }, { "last_affected": "7.0.26" } ] }
Affected versions
Other
POST_64BIT_BRANCH_MERGE
POST_AST_MERGE
POST_PHP7_NSAPI_REMOVAL
POST_PHP7_REMOVALS
POST_PHPNG_MERGE
PRE_64BIT_BRANCH_MERGE
PRE_AST_MERGE
PRE_PHP7_EREG_MYSQL_REMOVALS
PRE_PHP7_NSAPI_REMOVAL
PRE_PHP7_REMOVALS
l
php-5.*
php-5.6.32
php-7.*
php-7.0.0
php-7.0.26
php-7.0.26RC1
php-7.1.12
php-7.1.12RC1
php-7.2.0