Количество 9
Количество 9
CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
CVE-2024-5585
CVE-2024-5585
In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ...
GHSA-9fcc-425m-g385
bypass CVE-2024-1874
BDU:2024-05512
Уязвимость функции proc_open() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольные команды
ROS-20240816-16
Множественные уязвимости php
ROS-20240816-11
Множественные уязвимости php
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-5585 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. | CVSS3: 7.7 | 1% Низкий | около 1 года назад |
 | CVE-2024-5585 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. | CVSS3: 8.8 | 1% Низкий | около 1 года назад |
 | CVE-2024-5585 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell. | CVSS3: 7.7 | 1% Низкий | около 1 года назад |
 | CVSS3: 8.8 | 1% Низкий | 12 месяцев назад | |
| CVE-2024-5585 In PHP versions8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before ... | CVSS3: 7.7 | 1% Низкий | около 1 года назад |
| GHSA-9fcc-425m-g385 bypass CVE-2024-1874 | CVSS3: 7.7 | 1% Низкий | около 1 года назад |
 | BDU:2024-05512 Уязвимость функции proc_open() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольные команды | CVSS3: 8.8 | 1% Низкий | около 1 года назад |
 | ROS-20240816-16 Множественные уязвимости php | CVSS3: 8.8 | 10 месяцев назад | |
| ROS-20240816-11 Множественные уязвимости php | CVSS3: 8.8 | 10 месяцев назад |
Уязвимостей на страницу