CVE-2018-5712
php5 - security update
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 89.2%
Description
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
How to fix CVE-2018-5712
To remediate CVE-2018-5712, upgrade the affected package to a fixed version below.
- Alpine/php5—upgrade to 5.6.36-r0 or later
- —upgrade to 5.4.45-0+deb7u12 or later
Is CVE-2018-5712 being exploited?
Likely — EPSS is 89.2%, placing CVE-2018-5712 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 5.6.36-r0
- from 0, < 5.4.45-0+deb7u12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |