CVE-2023-0662

HIGH

PHP 8.0.0-8.0.27 - Denial of Service via HTTP Form Upload

Title source: llm
STIX 2.1

Description

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. This can cause denial of service on the affected server by exhausting CPU resources or disk space.

Scores

CVSS v3 7.5
EPSS 0.0141
EPSS Percentile 69.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-400
Status published
Products (1)
php/php 8.0.0 - 8.0.28
Published Feb 16, 2023
Tracked Since Feb 18, 2026