CVE-2018-10547
Description
An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712.
Risk Information
Base Score: 6.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 17.239
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| HTML-embedded scripting language interpreter (USN-3646-1) php5-cgi_5.5.9+dfsg-1ubuntu4.25_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php5-cgi_5.5.9+dfsg-1ubuntu4.25_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php5-cli_5.5.9+dfsg-1ubuntu4.25_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php5-cli_5.5.9+dfsg-1ubuntu4.25_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php5-fpm_5.5.9+dfsg-1ubuntu4.25_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php5-fpm_5.5.9+dfsg-1ubuntu4.25_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-cgi_7.0.30-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-cgi_7.0.30-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-cli_7.0.30-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-cli_7.0.30-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-fpm_7.0.30-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.0-fpm_7.0.30-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-cgi_7.1.17-0ubuntu0.17.10.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-cgi_7.1.17-0ubuntu0.17.10.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-cli_7.1.17-0ubuntu0.17.10.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-cli_7.1.17-0ubuntu0.17.10.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-fpm_7.1.17-0ubuntu0.17.10.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.1-fpm_7.1.17-0ubuntu0.17.10.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-cgi_7.2.5-0ubuntu0.18.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-cgi_7.2.5-0ubuntu0.18.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-cli_7.2.5-0ubuntu0.18.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-cli_7.2.5-0ubuntu0.18.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-fpm_7.2.5-0ubuntu0.18.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) php7.2-fpm_7.2.5-0ubuntu0.18.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.25_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.25_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.0_7.0.30-0ubuntu0.16.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.0_7.0.30-0ubuntu0.16.04.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.1_7.1.17-0ubuntu0.17.10.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.1_7.1.17-0ubuntu0.17.10.1_amd64.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.2_7.2.5-0ubuntu0.18.04.1_i386.deb | Linux |
| HTML-embedded scripting language interpreter (USN-3646-1) libapache2-mod-php7.2_7.2.5-0ubuntu0.18.04.1_amd64.deb | Linux |
| php7.0 security update(DSA-4240-1) php7.0_7.0.30-0+deb9u1_all.deb | Linux |
| (RHSA-2020:1112) php security update php-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-bcmath-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-cli-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-common-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-dba-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-devel-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-embedded-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-enchant-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-fpm-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-gd-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-intl-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-ldap-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-mbstring-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-mysql-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-mysqlnd-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-odbc-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-pdo-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-process-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-pspell-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-recode-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-snmp-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-soap-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-xml-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) php security update php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-bcmath-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-cli-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-common-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-dba-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-devel-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-embedded-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-enchant-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-fpm-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-gd-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-intl-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-ldap-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-mbstring-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-mysql-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-mysqlnd-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-odbc-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-pdo-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-process-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-pspell-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-recode-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-snmp-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-soap-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-xml-5.4.16-48.el7.x86_64.rpm | Linux |
| (CESA-2020:1112) php security update php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux |
| (RHSA-2020:1112) Moderate: security update php-debuginfo-5.4.16-48.el7.x86_64.rpm | Linux |
| Php update (ELSA-2020-1112) php-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-cli update (ELSA-2020-1112) php-cli-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-common update (ELSA-2020-1112) php-common-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-gd update (ELSA-2020-1112) php-gd-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-ldap update (ELSA-2020-1112) php-ldap-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-mysql update (ELSA-2020-1112) php-mysql-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-odbc update (ELSA-2020-1112) php-odbc-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-pdo update (ELSA-2020-1112) php-pdo-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-pgsql update (ELSA-2020-1112) php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-process update (ELSA-2020-1112) php-process-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-recode update (ELSA-2020-1112) php-recode-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-soap update (ELSA-2020-1112) php-soap-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-xml update (ELSA-2020-1112) php-xml-5.4.16-48.el7.x86_64.rpm | Linux |
| Php-xmlrpc update (ELSA-2020-1112) php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-10547) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234