Medium severity6.1NVD Advisory· Published Jan 16, 2018· Updated Jun 17, 2026
CVE-2018-5712
CVE-2018-5712
Description
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords12 versionspkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/php53&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php5&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/php7&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3
< 5.3.17-112.20.1+ 11 more
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.3.17-112.20.1
- (no CPE)range: < 5.5.14-109.17.1
- (no CPE)range: < 5.5.14-109.17.1
- (no CPE)range: < 5.5.14-109.17.1
- (no CPE)range: < 7.0.7-50.26.1
- (no CPE)range: < 7.0.7-50.26.1
- (no CPE)range: < 7.0.7-50.26.1
Patches
Vulnerability mechanics
References
13- bugs.php.net/bug.phpnvdIssue TrackingPatchVendor Advisory
- php.net/ChangeLog-5.phpnvdRelease NotesVendor Advisory
- php.net/ChangeLog-7.phpnvdRelease NotesVendor Advisory
- www.securityfocus.com/bid/102742nvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/104020nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040363nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:1296nvdThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/01/msg00025.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3566-1/nvdThird Party Advisory
- usn.ubuntu.com/3600-1/nvdThird Party Advisory
- usn.ubuntu.com/3600-2/nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:2519nvd
- www.oracle.com/security-alerts/cpuapr2020.htmlnvd
News mentions
0No linked articles in our index yet.