exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 6

CVE-2024-1874

около 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

около 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

EPSS: Средний

CVE-2024-1874

около 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

около 1 года назад

CVSS3: 9.4

EPSS: Средний

CVE-2024-1874

около 1 года назад

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...

CVSS3: 9.4

EPSS: Средний

GHSA-pc52-254m-w9w7

около 1 года назад

Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows

CVSS3: 9.4

EPSS: Средний

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.	CVSS3: 9.4	55% Средний	около 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.		55% Средний	около 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.	CVSS3: 9.4	55% Средний	около 1 года назад
CVE-2024-1874	CVSS3: 9.4	55% Средний	около 1 года назад
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...	CVSS3: 9.4	55% Средний	около 1 года назад
GHSA-pc52-254m-w9w7 Command injection via array-ish $command parameter of proc_open even if bypass_shell option enabled on Windows	CVSS3: 9.4	55% Средний	около 1 года назад

Уязвимостей на страницу