Lucene search
Veracode Vulnerability DatabaseVERACODE:28913HistoryJan 07, 2021 - 5:05 p.m.
Privilege Escalation
2021-01-0717:05:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.006 Low
EPSS
Percentile
77.7%
php7 is vulnerable to privilege escalation. The vulnerability is possible due to insufficient validation of URL performed via the “FILTER_VALIDATE_URL” setting. A remote attacker can use the “@” characters in the URL to bypass implemented filter and force the application to accept arbitrary URL instead of the defined by the option.
References
bugs.php.net/bug.php?id=77423
lists.debian.org/debian-lts-announce/2021/07/msg00008.html
secdb.alpinelinux.org/v3.12/community.yaml
security.gentoo.org/glsa/202105-23
security.netapp.com/advisory/ntap-20210312-0005/
www.debian.org/security/2021/dsa-4856
www.oracle.com/security-alerts/cpuoct2021.html
www.tenable.com/security/tns-2021-14
Related
openvas
openvas
Fedora: Security Advisory for php (FEDORA-2021-ca0e53d310)
2021-01-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0126-1)
2021-06-09 00:00:00
nessus
nessus
Fedora 32 : php (2021-ca0e53d310)
2021-01-20 00:00:00
openSUSE Security Update : php7 (openSUSE-2021-106)
2021-01-25 00:00:00
SUSE SLES12 Security Update : php74 (SUSE-SU-2021:0126-1)
2021-01-15 00:00:00
nvd
nvd
CVE-2020-7071
2021-02-15 04:15:12
archlinux
archlinux
[ASA-202101-9] php: insufficient validation
2021-01-12 00:00:00
[ASA-202107-15] php: multiple issues
2021-07-06 00:00:00
[ASA-202107-16] php7: multiple issues
2021-07-06 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: php-7.4.14-1.fc33
2021-01-14 01:40:08
[SECURITY] Fedora 32 Update: php-7.4.14-1.fc32
2021-01-16 01:23:34
osv
osv
CVE-2020-7071
2021-02-15 04:15:12
BIT-php-2020-7071
2024-03-06 11:05:46
php7.3 - security update
2021-02-17 00:00:00
cve
cve
CVE-2020-7071
2021-02-15 04:15:12
alpinelinux
alpinelinux
CVE-2020-7071
2021-02-15 04:15:12
cbl_mariner
cbl_mariner
CVE-2020-7071 affecting package php 7.4.14-3
2024-07-05 21:08:40
suse
suse
Security update for php7 (moderate)
2021-01-18 00:00:00
Security update for php7 (moderate)
2021-01-17 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2021-01-14 18:13:25
cvelist
cvelist
CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo
2021-01-04 00:00:00
debiancve
debiancve
CVE-2020-7071
2021-02-15 04:15:12
ubuntucve
ubuntucve
CVE-2020-7071
2021-02-15 00:00:00
redhatcve
redhatcve
CVE-2020-7071
2021-01-07 17:44:44
prion
prion
Design/Logic Flaw
2021-02-15 04:15:00
gentoo
gentoo
PHP: Multiple vulnerabilities
2021-05-26 00:00:00
ubuntu
ubuntu
PHP vulnerabilities
2021-07-13 00:00:00
PHP vulnerabilities
2021-07-07 00:00:00
debian
debian
[SECURITY] [DLA 2708-1] php7.0 security update
2021-07-15 13:01:58
[SECURITY] [DSA 4856-1] php7.3 security update
2021-02-17 22:08:33
oraclelinux
oraclelinux
php:7.4 security, bug fix, and enhancement update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
redhat
redhat
rocky
rocky
php:7.4 security, bug fix, and enhancement update
2021-11-09 08:42:20
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00