Lucene search

K

[email protected]NVD:CVE-2024-1874

HistoryApr 29, 2024 - 4:15 a.m.

CVE-2024-1874

2024-04-2904:15:07

CWE-116

[email protected]

web.nvd.nist.gov

11

php versions

proc_open()

array syntax

arbitrary command execution

windows shell

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

0

Percentile

10.3%

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

References

www.openwall.com/lists/oss-security/2024/04/12/11

www.openwall.com/lists/oss-security/2024/06/07/1

github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/

lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/

security.netapp.com/advisory/ntap-20240510-0009/

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8.9

Confidence

High

EPSS

0

Percentile

10.3%

Related for NVD:CVE-2024-1874

ubuntucve2 redhatcve2 githubexploit1 vulnrichment2 osv6 debiancve2 nessus25 cbl_mariner1 cvelist2 alpinelinux2 cve2 openvas12 nvd1 fedora5 slackware2 cert1 mageia1 thn1 freebsd1