Description

An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.

Remediation

References

CVE-2018-5712

Related Vulnerabilities

Apache HTTP Server Other Vulnerability (CVE-2007-1743)

WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)

WordPress Plugin Advanced Custom Fields PRO Cross-Site Scripting (6.1.5)

WordPress Plugin NextGEN Pro Cross-Site Scripting (3.1.9)

ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)

Severity

Medium

Classification

CVE-2018-5712 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities