Количество 19
Количество 19
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
CVE-2024-8927
cgi.force_redirect configuration is bypassable due to the environment variable collision
CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ...
GHSA-94p6-54jq-9mwp
cgi.force_redirect configuration is bypassable due to the environment variable collision
BDU:2024-07679
Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности
SUSE-SU-2024:3733-1
Security update for php7
SUSE-SU-2024:3732-1
Security update for php74
SUSE-SU-2024:3729-1
Security update for php8
SUSE-SU-2024:3664-1
Security update for php8
ELSA-2024-10951
ELSA-2024-10951: php:8.2 security update (MODERATE)
ELSA-2024-10950
ELSA-2024-10950: php:8.1 security update (MODERATE)
ELSA-2024-10949
ELSA-2024-10949: php:8.2 security update (MODERATE)
ROS-20241015-15
Множественные уязвимости php
ROS-20241015-14
Множественные уязвимости php
ROS-20241015-11
Множественные уязвимости php
ELSA-2025-7315
ELSA-2025-7315: php security update (MODERATE)
ELSA-2024-10952
ELSA-2024-10952: php:7.4 security update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
| CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| GHSA-94p6-54jq-9mwp cgi.force_redirect configuration is bypassable due to the environment variable collision | CVSS3: 5.3 | 0% Низкий | около 1 года назад |
 | BDU:2024-07679 Уязвимость сценария cgi.force_redirect интерпретатора языка программирования PHP, позволяющая нарушителю обойти существующие ограничения безопасности | CVSS3: 9.8 | 0% Низкий | около 1 года назад |
 | SUSE-SU-2024:3733-1 Security update for php7 | около 1 года назад | ||
| SUSE-SU-2024:3732-1 Security update for php74 | около 1 года назад | ||
| SUSE-SU-2024:3729-1 Security update for php8 | около 1 года назад | ||
| SUSE-SU-2024:3664-1 Security update for php8 | около 1 года назад | ||
| ELSA-2024-10951 ELSA-2024-10951: php:8.2 security update (MODERATE) | 11 месяцев назад | ||
| ELSA-2024-10950 ELSA-2024-10950: php:8.1 security update (MODERATE) | 11 месяцев назад | ||
| ELSA-2024-10949 ELSA-2024-10949: php:8.2 security update (MODERATE) | 11 месяцев назад | ||
 | ROS-20241015-15 Множественные уязвимости php | CVSS3: 9.8 | около 1 года назад | |
| ROS-20241015-14 Множественные уязвимости php | CVSS3: 9.8 | около 1 года назад | |
| ROS-20241015-11 Множественные уязвимости php | CVSS3: 9.8 | около 1 года назад | |
| ELSA-2025-7315 ELSA-2025-7315: php security update (MODERATE) | 6 месяцев назад | ||
| ELSA-2024-10952 ELSA-2024-10952: php:7.4 security update (MODERATE) | 11 месяцев назад |
Уязвимостей на страницу