CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35226 – PHP Code Injection by malicious attribute in extends-tag in Smarty
https://notcve.org/view.php?id=CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template authors could inject php code by choosing a malicious file name for an extends-tag. Sites that cannot fully trust template authors should update asap. All users are advised to update. There is no patch for users on the v3 branch. • https://github.com/smarty-php/smarty/commit/0be92bc8a6fb83e6e0d883946f7e7c09ba4e857a https://github.com/smarty-php/smarty/security/advisories/GHSA-4rmg-292m-wg3w • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 1CVE-2024-1874 – Command injection via array-ish $command parameter of proc_open()
https://notcve.org/view.php?id=CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. En las versiones de PHP 8.1.* anteriores a 8.1.28, 8.2.* anteriores a 8.2.18, 8.3.* anteriores a 8.3.5, cuando se utiliza el comando proc_open() con sintaxis de matriz, debido a un escape insuficiente, si los argumentos del comando ejecutado son controlado por un usuario malintencionado, el usuario puede proporcionar argumentos que ejecutarían comandos arbitrarios en el shell de Windows. • https://github.com/Tgcohce/CVE-2024-1874 http://www.openwall.com/lists/oss-security/2024/04/12/11 http://www.openwall.com/lists/oss-security/2024/06/07/1 https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK https://security.netapp.com/advisor • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2757 – PHP mb_encode_mimeheader runs endlessly for some inputs
https://notcve.org/view.php?id=CVE-2024-2757
In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function. En PHP 8.3.* anterior a 8.3.5, la función mb_encode_mimeheader() se ejecuta sin cesar para algunas entradas que contienen cadenas largas de caracteres que no son espacios seguidos de un espacio. Esto podría provocar un posible ataque DoS si un usuario hostil envía datos a una aplicación que utiliza esta función. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq https://security.netapp.com/advisory/ntap-20240510-0011 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-2756 – __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
https://notcve.org/view.php?id=CVE-2024-2756
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. Debido a una solución incompleta de CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, los atacantes de la red y del mismo sitio pueden establecer una cookie estándar insegura en el navegador de la víctima que se trata como una __Host- o __Secure- cookie por aplicaciones PHP. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0008 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-3096 – PHP function password_verify can erroneously return true when argument contains NUL
https://notcve.org/view.php?id=CVE-2024-3096
In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. En la versión PHP 8.1.* anterior a 8.1.28, 8.2.* anterior a 8.2.18, 8.3.* anterior a 8.3.5, si una contraseña almacenada con contraseña_hash() comienza con un byte nulo (\x00), se prueba una cadena en blanco como la contraseña a través de contraseña_verify() devolverá verdadero incorrectamente. • http://www.openwall.com/lists/oss-security/2024/04/12/11 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr https://lists.debian.org/debian-lts-announce/2024/05/msg00005.html https://security.netapp.com/advisory/ntap-20240510-0010 • CWE-20: Improper Input Validation •