CVE-2024-4577 – PHP-CGI OS Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc. PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability. • https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT https://github.com/manuelinfosec/CVE-2024-4577 https://github.com/zomasec/CVE-2024-4577 https://github.com/cybersagor/CVE-2024-4577 https://github.com/l0n3m4n/CVE-2024-4577-RCE https://github.com/bughuntar/CVE-2024-4577 https://github.com/watchtowrlabs/CVE-2024-4577 https://github.com/xcanwin/CVE-2024-4577-PHP-RCE https://github.com/TAM-K592/CVE-2024-4577 https://github.com/Chocapikk/CVE-2024-4577 https://githu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2024-5458 – Filter bypass in filter_var (FILTER_VALIDATE_URL)
https://notcve.org/view.php?id=CVE-2024-5458
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, debido a un error de lógica de código, funciones de filtrado como filter_var al validar URL (FILTER_VALIDATE_URL) para ciertos tipos de URL la función dará como resultado que la información de usuario no válida (nombre de usuario + contraseña parte de las URL) se trate como información de usuario válida. Esto puede hacer que el código posterior acepte URL no válidas como válidas y las analice incorrectamente. • http://www.openwall.com/lists/oss-security/2024/06/07/1 https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK https://security.netapp.com/advisory/ntap-20240726-0001 • CWE-345: Insufficient Verification of Data Authenticity •
CVE-2022-4900 – Potential buffer overflow in php_cli_server_startup_workers
https://notcve.org/view.php?id=CVE-2022-4900
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. Se encontró una vulnerabilidad en PHP donde establecer la variable de entorno PHP_CLI_SERVER_WORKERS en un valor grande provoca un desbordamiento del búfer del heap. • https://access.redhat.com/security/cve/CVE-2022-4900 https://bugzilla.redhat.com/show_bug.cgi?id=2179880 https://security.netapp.com/advisory/ntap-20231130-0008 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVE-2023-3824 – Buffer overflow and overread in phar_dir_read()
https://notcve.org/view.php?id=CVE-2023-3824
In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. En PHP versión 8.0.* antes de 8.0.30, 8.1.* antes de 8.1.22, y 8.2.* antes de 8.2.8, al cargar el archivo phar, mientras se leen las entradas del directorio PHAR, una comprobación de longitud insuficiente puede conducir a un desbordamiento del búfer de pila, llevando potencialmente a corrupción de memoria o RCE. A flaw was found in PHP that can lead to a buffer overflow and a stack information leak due to improper bounds checking within the phar_dir_read() function. This issue may allow an attacker to initiate memory corruption by compelling the application to open a specially crafted .phar archive, allowing the attacker to corrupt memory or cause a denial of service condition. • https://github.com/jhonnybonny/CVE-2023-3824 https://github.com/m1sn0w/CVE-2023-3824 https://github.com/Starla2u/CVE-2023-3824-PHP-to-RCE-LockBit-LEAK https://github.com/php/php-src/security/advisories/GHSA-jqcx-ccgc-xwhv https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2023-3823 – Security issue with external entity loading in XML without enabling it
https://notcve.org/view.php?id=CVE-2023-3823
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. • https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr https://lists.debian.org/debian-lts-announce/2023/09/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7NBF77WN6DTVTY2RE73IGPYD6M4PIAWA https://security.netapp.com/advisory/ntap-20230825-0001 https://access.redhat.com/security/cve/CVE-2023-3823 https://bugzilla.redhat.com/show_bug.cgi?id=2229396 • CWE-611: Improper Restriction of XML External Entity Reference •