CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8932 – OOB access in ldap_escape
https://notcve.org/view.php?id=CVE-2024-8932
22 Nov 2024 — In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. Security Center leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, PHP) were found to contain vulnerabilities, and updated versions have been made available by the providers.Out of caution and in line with best practice... • https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 2%CPEs: 3EXPL: 0CVE-2024-8926 – PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
https://notcve.org/view.php?id=CVE-2024-8926
03 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. In PHP... • https://github.com/advisories/GHSA-vxpp-6299-mxw3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8925 – Erroneous parsing of multipart form data
https://notcve.org/view.php?id=CVE-2024-8925
02 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead ... • https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') CWE-1286: Improper Validation of Syntactic Correctness of Input •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-8927 – cgi.force_redirect configuration is bypassable due to the environment variable collision
https://notcve.org/view.php?id=CVE-2024-8927
02 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. A flaw was found in PHP. The configuration directive `cgi... • https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp • CWE-1220: Insufficient Granularity of Access Control •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-9026 – PHP-FPM logs from children may be altered
https://notcve.org/view.php?id=CVE-2024-9026
02 Oct 2024 — In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. A flaw was found in PHP-FPM, the FastCGI Process Manager. T... • https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5 • CWE-117: Improper Output Neutralization for Logs CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 9.7EPSS: 53%CPEs: 3EXPL: 1CVE-2024-1874 – Command injection via array-ish $command parameter of proc_open()
https://notcve.org/view.php?id=CVE-2024-1874
29 Apr 2024 — In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. En las versiones de PHP 8.1.* anteriores a 8.1.28, 8.2.* anteriores a 8.2.18, 8.3.* anteriores a 8.3.5, cuando se utiliza el comando proc_open() con sintaxis de matriz, debido a un escape ins... • https://github.com/Tgcohce/CVE-2024-1874 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2024-2757 – PHP mb_encode_mimeheader runs endlessly for some inputs
https://notcve.org/view.php?id=CVE-2024-2757
29 Apr 2024 — In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. En PHP 8.3.* anterior a 8.3.5, la función mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podría provocar un posible ataque DoS... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
16 Apr 2024 — In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá v... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation CWE-626: Null Byte Interaction Error (Poison Null Byte) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
16 Apr 2024 — Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __... • http://www.openwall.com/lists/oss-security/2024/04/12/11 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31631 – PDO::quote() may return unquoted string
https://notcve.org/view.php?id=CVE-2022-31631
23 Jan 2023 — In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote() of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf(), it is possible to force th... • https://bugs.php.net/bug.php?id=81740 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-190: Integer Overflow or Wraparound •