CVE-2016-1904
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.
We have discovered 2,118,865 live websites that are affected by CVE-2016-1904.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 2,118,865 live websites (24.28% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 250 versions ( 45.70% of all versions) |
Details
- Published - Jan 19, 2016
- Updated - Aug 5, 2024
CVE References
CVE-2016-1904 usage by Country
 United States | 526,740 websites |
 Russia | 238,110 websites |
 France | 159,172 websites |
 Germany | 150,065 websites |
 Japan | 125,640 websites |
 Taiwan | 113,278 websites |
 Netherlands | 85,677 websites |
 China | 75,148 websites |
 GB | 43,982 websites |
 Poland | 37,409 websites |
CVE-2016-1904 usage by TLD
| .com | 897,143 websites |
| .ru | 204,080 websites |
| .de | 92,296 websites |
| .net | 78,198 websites |
| .nl | 57,874 websites |
| .fr | 57,621 websites |
| .org | 56,849 websites |
| .jp | 33,546 websites |
| .pl | 31,295 websites |
| .co.uk | 30,911 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2016-1904
Top websites that are affected by CVE-2016-1904. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.org | China | *** | |
| *****.***********.com |  Canada | *** | |
| **********.com | United States | *** | |
| **********.com | United States | *** | |
| ************.***.ar |  Argentina | *,*** | |
| *****.ru | Russia | *,*** | |
| ********.*********.com |  Singapore | *,*** | |
| ******************.com | United States | *,*** | |
| ***.org | United States | *,*** | |
| *********.******.net | United States | *,*** |
FAQ
A total of 2,118,865 websites have been identified as vulnerable to CVE-2016-1904, discovered through global website indexing conducted by WebTechSurvey.
PHP is susceptible to CVE-2016-1904 vulnerability.
PHP versions before 7.0.2 are vulnerable to CVE-2016-1904.
Version 7.0.2 of PHP addresses the CVE-2016-1904 security vulnerability.