[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-UBUNTU-CVE-2016-4072":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":19,"related":20,"reserved_at":9,"published_at":24,"modified_at":25,"state":9,"summary":26,"references_raw":28,"kevs":56,"epss":9,"epss_history":57,"metrics":58,"affected":64},"UBUNTU-CVE-2016-4072","The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to execute arbitrary code via a crafted filename, as demonstrated by mishandling of \\0 characters by the phar_analyze_path function in ext/phar/phar.c.",null,[],[],[],[14],{"_key":15},"CVE-2016-4072",[17],{"_key":18},"USN-2984-1",[],[21,22],{"_key":18},{"_key":23},"USN-2952-1","2016-04-25T00:00:00Z","2026-04-22T10:42:44.222208Z",{"cisa_kev":27,"cisa_ransomware":27,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[29,35,39,43,48,52],{"url":30,"sources":31,"tags":33},"https://ubuntu.com/security/CVE-2016-4072",[32],"osv_ubuntu",[34],"REPORT",{"url":36,"sources":37,"tags":38},"https://gist.github.com/smalyshev/80b5c2909832872f2ba2",[32],[34],{"url":40,"sources":41,"tags":42},"http://www.openwall.com/lists/oss-security/2016/04/11/7",[32],[34],{"url":44,"sources":45,"tags":46},"https://ubuntu.com/security/notices/USN-2952-1",[32],[47],"Advisory",{"url":49,"sources":50,"tags":51},"https://ubuntu.com/security/notices/USN-2984-1",[32],[47],{"url":53,"sources":54,"tags":55},"https://www.cve.org/CVERecord?id=CVE-2016-4072",[32],[34],[],[],[59],{"source":32,"cvss_v2_0":9,"cvss_v3_0":60,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":61,"baseSeverity":9,"vectorString":62,"impactScore":61,"exploitabilityScore":63},9.8,"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",10,[65,77],{"ecosystem":66,"name":67,"vendor":68,"product":67,"cpe_part":9,"purl_type":69,"purl_namespace":68,"purl_name":67,"source":9,"versions":70},"Ubuntu","php5","ubuntu","deb",[71],{"version":72,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":75,"version_end_type":76,"fixed_in":9},"lt5_5_9+dfsg_1ubuntu4_16",true,"ecosystem","5.5.9+dfsg-1ubuntu4.16","excluding",{"ecosystem":66,"name":78,"vendor":68,"product":78,"cpe_part":9,"purl_type":69,"purl_namespace":68,"purl_name":78,"source":9,"versions":79},"php7.0",[80],{"version":81,"is_range":73,"range_type":74,"version_start":9,"version_start_type":9,"version_end":82,"version_end_type":76,"fixed_in":9},"lt7_0_4_7ubuntu2_1","7.0.4-7ubuntu2.1"]