CVE-2020-7071

MEDIUM Year: 2020
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.

Related Vulnerabilities

CVE-2009-1197

MEDIUM
CVSS:5.3(Medium)

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

CWE-202009

CVE-2010-3667

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.

CWE-202010

CVE-2011-2902

MEDIUM
CVSS:5.3(Medium)

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary fil...

CWE-202011

CVE-2013-4101

MEDIUM
CVSS:5.3(Medium)

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CWE-202013

CVE-2014-0091

MEDIUM
CVSS:5.3(Medium)

Foreman has improper input validation which could lead to partial Denial of Service

CWE-202014

CVE-2014-1935

MEDIUM
CVSS:5.3(Medium)

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

CWE-202014