CNNVD-202507-1798 Information

CNNVD ID

CNNVD-202507-1798

Related CVE

CVE-2025-1220

• CNNVD Published: 2025-07-13

Description (Chinese)

PHP是PHP的一种在服务器端执行的脚本语言。 PHP 8.1.33之前版本、8.2.29之前版本、8.3.23之前版本和8.4.10之前版本存在安全漏洞，该漏洞源于fsockopen等函数未验证主机名是否包含空字符，可能导致安全问题。

Description (English)

PHP is a script language executed by PHP at the server end. PHP 8.1.33, 8.2.29, 8.3.23 and 8.4.10 have a security loophole, which stems from the fact that the fsockopen and other functions do not verify that the host name contains an empty character, which may lead to security problems.

Hazard Level

Critical

Vulnerability Type

其他

Affected Vendor

PHP

Published

2025-07-13

Last Modified

2026-02-24

References

https://github.com/php/php-src/security/advisories/GHSA-3cr5-j632-f35r https://vigilance.fr/vulnerability/PHP-Server-Side-Request-Forgery-via-Hostnames-Null-Byte-Termination-47593

Patch

https://github.com/php/php-src/releases