Описание
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Ссылки
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.7 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
EPSS
7.7 High
CVSS3
8.8 High
CVSS3