Lucene search

K

GoogleOSV:BIT-PHP-2024-1874

HistoryMay 14, 2024 - 7:29 a.m.

BIT-php-2024-1874

2024-05-1407:29:52

Google

osv.dev

60

php

version 8

proc_open command

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8

Confidence

High

EPSS

0

Percentile

10.3%

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

References

www.openwall.com/lists/oss-security/2024/04/12/11

www.openwall.com/lists/oss-security/2024/06/07/1

github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/

lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/

security.netapp.com/advisory/ntap-20240510-0009/

CVSS3

9.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score

8

Confidence

High

EPSS

0

Percentile

10.3%

Related for OSV:BIT-PHP-2024-1874

ubuntucve2 redhatcve2 githubexploit1 vulnrichment2 osv5 nvd2 debiancve2 cbl_mariner1 cvelist2 nessus25 alpinelinux2 cve2 openvas12 fedora5 slackware2 cert1 mageia1 thn1 freebsd1