Count: 19
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-94p6-54jq-9mwp cgi.force_redirect configuration is bypassable due to the environment variable collision | CVSS3: 5.3 | 0% Low | 9 months ago
CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Low | 9 months ago
CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Low | 9 months ago
CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. | CVSS3: 7.5 | 0% Low | 9 months ago
CVE-2024-8927 | CVSS3: 7.5 | 0% Low | 7 months ago
CVE-2024-8927 In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before ... | CVSS3: 7.5 | 0% Low | 9 months ago
BDU:2024-07679 Vulnerability in the cgi.force_redirect script of the PHP programming language interpreter that allows an attacker to bypass existing security restrictions | CVSS3: 9.8 | 0% Low | 9 months ago
SUSE-SU-2024:3733-1 Security update for php7 | | | 8 months ago
SUSE-SU-2024:3732-1 Security update for php74 | | | 8 months ago
SUSE-SU-2024:3729-1 Security update for php8 | | | 8 months ago
SUSE-SU-2024:3664-1 Security update for php8 | | | 8 months ago
ELSA-2024-10951 ELSA-2024-10951: php:8.2 security update (MODERATE) | | | 6 months ago
ELSA-2024-10950 ELSA-2024-10950: php:8.1 security update (MODERATE) | | | 6 months ago
ELSA-2024-10949 ELSA-2024-10949: php:8.2 security update (MODERATE) | | | 6 months ago
ROS-20241015-15 Multiple vulnerabilities in php | CVSS3: 9.8 | | 8 months ago
ROS-20241015-14 Multiple vulnerabilities in php | CVSS3: 9.8 | | 8 months ago
ROS-20241015-11 Multiple vulnerabilities in php | CVSS3: 9.8 | | 8 months ago
ELSA-2025-7315 ELSA-2025-7315: php security update (MODERATE) | | | about 1 month ago
ELSA-2024-10952 ELSA-2024-10952: php:7.4 security update (MODERATE) | | | 6 months ago