CVE-2018-5712

Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Risk Information

Base Score: 6.1 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score (Exploitation Probability): 87.61

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2018-5712 are fixed in Oracle Secure Backup 18.1 | Windows
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-cgi_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-cgi_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-cli_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-cli_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-fpm_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) php7.0-fpm_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) libapache2-mod-php7.0_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3211-1) libapache2-mod-php7.0_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-cgi_5.5.9+dfsg-1ubuntu4.23_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-cgi_5.5.9+dfsg-1ubuntu4.23_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-cli_5.5.9+dfsg-1ubuntu4.23_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-cli_5.5.9+dfsg-1ubuntu4.23_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-fpm_5.5.9+dfsg-1ubuntu4.23_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) php5-fpm_5.5.9+dfsg-1ubuntu4.23_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.23_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3566-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.23_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-cgi_5.5.9+dfsg-1ubuntu4.24_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-cgi_5.5.9+dfsg-1ubuntu4.24_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-cli_5.5.9+dfsg-1ubuntu4.24_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-cli_5.5.9+dfsg-1ubuntu4.24_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-fpm_5.5.9+dfsg-1ubuntu4.24_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php5-fpm_5.5.9+dfsg-1ubuntu4.24_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-cgi_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-cgi_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-cli_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-cli_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-fpm_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.0-fpm_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-cgi_7.1.15-0ubuntu0.17.10.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-cgi_7.1.15-0ubuntu0.17.10.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-cli_7.1.15-0ubuntu0.17.10.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-cli_7.1.15-0ubuntu0.17.10.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-fpm_7.1.15-0ubuntu0.17.10.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) php7.1-fpm_7.1.15-0ubuntu0.17.10.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.24_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php5_5.5.9+dfsg-1ubuntu4.24_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php7.0_7.0.28-0ubuntu0.16.04.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php7.0_7.0.28-0ubuntu0.16.04.1_amd64.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php7.1_7.1.15-0ubuntu0.17.10.1_i386.deb | Linux
HTML-embedded scripting language interpreter (USN-3600-1) libapache2-mod-php7.1_7.1.15-0ubuntu0.17.10.1_amd64.deb | Linux
(RHSA-2020:1112) php security update php-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-bcmath-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-cli-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-common-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-dba-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-devel-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-embedded-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-enchant-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-fpm-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-gd-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-intl-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-ldap-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-mbstring-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-mysql-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-mysqlnd-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-odbc-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-pdo-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-process-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-pspell-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-recode-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-snmp-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-soap-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-xml-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) php security update php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-bcmath-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-cli-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-common-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-dba-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-devel-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-embedded-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-enchant-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-fpm-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-gd-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-intl-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-ldap-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-mbstring-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-mysql-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-mysqlnd-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-odbc-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-pdo-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-process-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-pspell-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-recode-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-snmp-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-soap-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-xml-5.4.16-48.el7.x86_64.rpm | Linux
(CESA-2020:1112) php security update php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux
(RHSA-2020:1112) Moderate: security update php-debuginfo-5.4.16-48.el7.x86_64.rpm | Linux
Php update (ELSA-2020-1112) php-5.4.16-48.el7.x86_64.rpm | Linux
Php-cli update (ELSA-2020-1112) php-cli-5.4.16-48.el7.x86_64.rpm | Linux
Php-common update (ELSA-2020-1112) php-common-5.4.16-48.el7.x86_64.rpm | Linux
Php-gd update (ELSA-2020-1112) php-gd-5.4.16-48.el7.x86_64.rpm | Linux
Php-ldap update (ELSA-2020-1112) php-ldap-5.4.16-48.el7.x86_64.rpm | Linux
Php-mysql update (ELSA-2020-1112) php-mysql-5.4.16-48.el7.x86_64.rpm | Linux
Php-odbc update (ELSA-2020-1112) php-odbc-5.4.16-48.el7.x86_64.rpm | Linux
Php-pdo update (ELSA-2020-1112) php-pdo-5.4.16-48.el7.x86_64.rpm | Linux
Php-pgsql update (ELSA-2020-1112) php-pgsql-5.4.16-48.el7.x86_64.rpm | Linux
Php-process update (ELSA-2020-1112) php-process-5.4.16-48.el7.x86_64.rpm | Linux
Php-recode update (ELSA-2020-1112) php-recode-5.4.16-48.el7.x86_64.rpm | Linux
Php-soap update (ELSA-2020-1112) php-soap-5.4.16-48.el7.x86_64.rpm | Linux
Php-xml update (ELSA-2020-1112) php-xml-5.4.16-48.el7.x86_64.rpm | Linux
Php-xmlrpc update (ELSA-2020-1112) php-xmlrpc-5.4.16-48.el7.x86_64.rpm | Linux
Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2018-5712) | NCM

Patch Details

No records found
