cve-2024-8926
Vulnerability from cvelistv5
Published
2024-10-08 03:48
Modified
2024-10-08 13:52
Severity ?
EPSS score ?
Summary
PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@php.net | https://github.com/advisories/GHSA-vxpp-6299-mxw3 | Third Party Advisory |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "php",
"vendor": "php",
"versions": [
{
"lessThan": "8.1.30",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThan": "8.2.24",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThan": "8.3.12",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T12:55:27.311454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T13:52:37.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "PHP",
"vendor": "PHP Group",
"versions": [
{
"lessThan": "8.1.30",
"status": "affected",
"version": "8.1.*",
"versionType": "semver"
},
{
"lessThan": "8.2.24",
"status": "affected",
"version": "8.2.*",
"versionType": "semver"
},
{
"lessThan": "8.3.12",
"status": "affected",
"version": "8.3.*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "https://github.com/MortalAndTry"
}
],
"datePublic": "2024-09-27T17:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ewhen using a certain non-standard configurations of Windows codepages, the fixes for\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/advisories/GHSA-vxpp-6299-mxw3\"\u003eCVE-2024-4577\u003c/a\u003e\u0026nbsp;may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003emay allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T03:48:53.628Z",
"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"shortName": "php"
},
"references": [
{
"url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
"assignerShortName": "php",
"cveId": "CVE-2024-8926",
"datePublished": "2024-10-08T03:48:53.628Z",
"dateReserved": "2024-09-17T04:06:56.550Z",
"dateUpdated": "2024-10-08T13:52:37.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8926\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2024-10-08T04:15:10.637\",\"lastModified\":\"2024-10-16T18:35:59.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \\\"Best Fit\\\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\"},{\"lang\":\"es\",\"value\":\"En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, al utilizar ciertas configuraciones no est\u00e1ndar de p\u00e1ginas de c\u00f3digos de Windows, las correcciones para CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 a\u00fan se pueden omitir y se puede lograr la misma inyecci\u00f3n de comandos relacionada con el comportamiento de la p\u00e1gina de c\u00f3digos \\\"Best Fit\\\" de Windows. Esto puede permitir que un usuario malintencionado pase opciones al binario PHP que se est\u00e1 ejecutando y, por lo tanto, revele el c\u00f3digo fuente de los scripts, ejecute c\u00f3digo PHP arbitrario en el servidor, etc.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9},{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.30\",\"matchCriteriaId\":\"3AB97B3F-78E0-412D-A29A-2086C84EC2A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.24\",\"matchCriteriaId\":\"30CA7A9A-B2B8-4A3E-981B-E94536DAFD89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndExcluding\":\"8.3.12\",\"matchCriteriaId\":\"8F7936E2-4290-48A4-A857-929E9CEDBDF5\"}]}]}],\"references\":[{\"url\":\"https://github.com/advisories/GHSA-vxpp-6299-mxw3\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.