CVE-2024-8926

Updated: 2024-10-09 22:14:51.781659

Description:

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x NONE 0
CVSS Version 3.x HIGH 8.1

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 6 ELS php 5.3.3 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
CentOS 7 ELS php 5.4.16 8.1 HIGH Not Vulnerable 2024-10-02 14:26:12
CentOS 8.4 ELS php 7.4.6 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
CentOS 8.5 ELS php 7.4.19 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
CentOS Stream 8 ELS php 7.2.24 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
CloudLinux 6 ELS php 5.3.3 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
CloudLinux 7 ELS php 5.4.16 8.1 HIGH Not Vulnerable 2024-10-02 14:26:12
Oracle Linux 6 ELS php 5.3.3 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
Ubuntu 16.04 ELS php 7.0.33 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09
Ubuntu 18.04 ELS php 7.2.24-0 8.1 HIGH Not Vulnerable 2024-10-02 14:26:09