exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

GHSA-pc52-254m-w9w7

больше 1 года назад

Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

больше 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

больше 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

EPSS: Средний

CVE-2024-1874

больше 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

больше 1 года назад

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

больше 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...

CVSS3: 9.4

EPSS: Средний

BDU:2025-11445

больше 1 года назад

Уязвимость функции proc_open() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольные команды

CVSS3: 9.4

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
GHSA-pc52-254m-w9w7 Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows	CVSS3: 9.4	58% Средний	больше 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.	CVSS3: 9.4	58% Средний	больше 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.		58% Средний	больше 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.	CVSS3: 9.4	58% Средний	больше 1 года назад
CVE-2024-1874	CVSS3: 9.4	58% Средний	больше 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...	CVSS3: 9.4	58% Средний	больше 1 года назад
BDU:2025-11445 Уязвимость функции proc_open() интерпретатора языка программирования PHP, позволяющая нарушителю выполнить произвольные команды	CVSS3: 9.4	58% Средний	больше 1 года назад

Уязвимостей на страницу