CVE-2024-1874

2024-04-2904:15:07

Debian Security Bug Tracker

security-tracker.debian.org

php

versions

proc_open()

vulnerability

windows shell

unix

9.7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

JSON

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

OSVersionArchitecturePackageVersionFilename
Debian10allphp7.3< 7.3.31-1~deb10u1php7.3_7.3.31-1~deb10u1_all.deb
Debian11allphp7.4< 7.4.33-1+deb11u4php7.4_7.4.33-1+deb11u4_all.deb
Debian12allphp8.2< 8.2.7-1~deb12u1php8.2_8.2.7-1~deb12u1_all.deb
Debian999allphp8.2< 8.2.18-1php8.2_8.2.18-1_all.deb
Debian13allphp8.2< 8.2.18-1php8.2_8.2.18-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	all	php7.3	< 7.3.31-1~deb10u1	php7.3_7.3.31-1~deb10u1_all.deb
Debian	11	all	php7.4	< 7.4.33-1+deb11u4	php7.4_7.4.33-1+deb11u4_all.deb
Debian	12	all	php8.2	< 8.2.7-1~deb12u1	php8.2_8.2.7-1~deb12u1_all.deb
Debian	999	all	php8.2	< 8.2.18-1	php8.2_8.2.18-1_all.deb
Debian	13	all	php8.2	< 8.2.18-1	php8.2_8.2.18-1_all.deb