VDB
ALPINE-CVE-2018-5712
ALPINE-CVE-2018-5712
PUBLISHED
CVSS 6.099999904632568 MEDIUM
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file.
Risk Scores
CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.4 | php5 | 5.2.10-r0, 5.2.11-r0, 5.2.8-r0 |
| Alpine:v3.5 | php5 | 5.5.11-r0, 5.5.11-r1, 5.5.12-r0 |
Exploit Intelligence
- cve_db.json (github-poc)
Timeline
- Jan 16, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch