CVE-2018-5712 Information

Feb 14, 2021 cve

Description

An issue was discovered in PHP before 5.6.33 7.0.x before 7.0.27 7.1.x before 7.1.13 and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://php.net/ChangeLog-5.php http://php.net/ChangeLog-7.php http://www.securityfocus.com/bid/102742 http://www.securityfocus.com/bid/104020 http://www.securitytracker.com/id/1040363 https://access.redhat.com/errata/RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2019:2519 https://bugs.php.net/bug.php?id=74782 https://lists.debian.org/debian-lts-announce/2018/01/msg00025.html https://usn.ubuntu.com/3566-1/ https://usn.ubuntu.com/3600-1/ https://usn.ubuntu.com/3600-2/ https://www.oracle.com/security-alerts/cpuapr2020.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1

Share on: