CVE-2020-7071
FILTER_VALIDATE_URL accepts URLs with invalid userinfoIn PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.
We have discovered 814,697 live websites that are affected by CVE-2020-7071.
Contact us to get more info
Affected Software
| |
---|
Product | PHP |
Category | Programming Languages |
Vulnerable Versions | - from 7.3 before 7.3.26
- from 7.4 before 7.4.14
- from 8 before 8.0.1
|
Total Vulnerable Versions | 507 |
Vulnerable Domains | 814,697 live websites (6.73% of PHP install base) |
Common Weakness Enumeration
CWE-20 Improper Input Validation
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7071 and the relative popularity of websites