CVE-2024-8926

Updated: 2024-10-09 22:14:51.781659

Description:

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 8.1

Status

OS name Project name Version Score Severity Status Errata Last updated
EL 6 PHP php 5.1 8.1 HIGH Not Vulnerable 2024-10-02 14:14:35
EL 6 PHP php 5.4 8.1 HIGH Not Vulnerable 2024-10-02 14:14:34
EL 6 PHP php 7.3 8.1 HIGH Not Vulnerable 2024-10-02 14:14:34
EL 6 PHP php 8.0 8.1 HIGH Not Vulnerable 2024-10-02 14:14:30
EL 6 PHP php 5.5 8.1 HIGH Not Vulnerable 2024-10-02 14:14:29
EL 6 PHP php 5.6 8.1 HIGH Not Vulnerable 2024-10-02 14:14:28
EL 6 PHP php 7.0 8.1 HIGH Not Vulnerable 2024-10-02 14:14:27
EL 6 PHP php 8.1 8.1 HIGH Needs Triage 2024-10-14 14:13:57
EL 6 PHP php 8.2 8.1 HIGH Needs Triage 2024-10-14 14:13:58
EL 6 PHP php 7.1 8.1 HIGH Not Vulnerable 2024-10-02 14:14:27
Total: 86