140 results (0.006 seconds)

CVSS: 9.8EPSS: 96%CPEs: 5EXPL: 49

CVE-2024-4577 – PHP-CGI OS Command Injection Vulnerability

https://notcve.org/view.php?id=CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc. PHP versions prior to 8.3.8 suffer from a remote code execution vulnerability. • https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT https://github.com/manuelinfosec/CVE-2024-4577 https://github.com/zomasec/CVE-2024-4577 https://github.com/cybersagor/CVE-2024-4577 https://github.com/l0n3m4n/CVE-2024-4577-RCE https://github.com/bughuntar/CVE-2024-4577 https://github.com/watchtowrlabs/CVE-2024-4577 https://github.com/xcanwin/CVE-2024-4577-PHP-RCE https://github.com/TAM-K592/CVE-2024-4577 https://github.com/Chocapikk/CVE-2024-4577 https://githu • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 2

CVE-2022-31629 – $_COOKIE names string replacement (. -> _): cookie integrity vulnerabilities

https://notcve.org/view.php?id=CVE-2022-31629

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, la vulnerabilidad permite a atacantes de la red y del mismo sitio establecer una cookie no segura estándar en el navegador de la víctima que es tratada como una cookie "__Host-" o "__Secure-" por las aplicaciones PHP A vulnerability was found in PHP due to the way PHP handles HTTP variable names. It interferes with HTTP variable names that clash with ones that have a specific semantic meaning. This vulnerability allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which is treated as a `__Host-` or `__Secure-` cookie by PHP applications, posing a threat to data integrity. • https://github.com/silnex/CVE-2022-31629-poc http://www.openwall.com/lists/oss-security/2024/04/12/11 https://bugs.php.net/bug.php?id=81727 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY https://lists.fedoraproject.org/archives/list/package- • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0

CVE-2022-31628 – phar wrapper can occur dos when using quine gzip file

https://notcve.org/view.php?id=CVE-2022-31628

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop. En PHP versiones anteriores a 7.4.31, 8.0.24 y 8.1.11, el código del descompresor phar descomprimía recursivamente archivos gzip "quines", resultando en un bucle infinito A vulnerability was found in PHP due to an infinite loop within the phar uncompressor code when processing "quines" gzip files. This vulnerability allows a remote attacker to pass a specially crafted archive to the application, and consume all available system resources, causing a denial of service condition. • https://bugs.php.net/bug.php?id=81726 https://lists.debian.org/debian-lts-announce/2022/12/msg00030.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2L5SUVYGAKSWODUQPZFBUB3AL6E6CSEV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VI3E6A3ZTH2RP7OMLJHSVFIEQBIFM6RF https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XNIEABBH5XCXLFWWZYIDE457SPEDZTXV https://security.gentoo.org/glsa/202211-03 https:/ • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2021-29399

https://notcve.org/view.php?id=CVE-2021-29399

XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. XMB es vulnerable a un ataque de tipo cross-site scripting (XSS) debido a un filtrado inadecuado de la entrada de BBCode. Este bug afecta a todas las versiones de XMB. • https://docs.xmbforum2.com/index.php?title=Security_Issue_History https://forums.xmbforum2.com/viewthread.php?tid=777105 https://www.xmbforum2.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 2

CVE-2020-11579

https://notcve.org/view.php?id=CVE-2020-11579

An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. Se detectó un problema en Chadha PHPKB versión 9.0 Enterprise Edition. El archivo installer/test-connection.php (parte del proceso de instalación) permite a un atacante remoto no autenticado revelar archivos locales en hosts que ejecutan PHP versiones anteriores a 7.2.16, o en hosts donde la opción MySQL ALLOW LOCAL DATA INFILE está habilitada • https://github.com/ShielderSec/CVE-2020-11579 https://shielder.it https://www.phpkb.com https://www.shielder.it/blog/mysql-and-cve-2020-11579-exploitation • CWE-306: Missing Authentication for Critical Function •