CVE-2018-5712
MEDIUM6.1EPSS 89.2%php5 - security update
Published: 1/20/2018Modified: 3/9/2026
Description
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Affected packages (2)
- Alpine/php5from 0, < 5.6.36-r0
- Debian/php5from 0, < 5.4.45-0+deb7u12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |