Lucene search

K

[email protected]NVD:CVE-2024-1874

HistoryApr 29, 2024 - 4:15 a.m.

CVE-2024-1874

2024-04-2904:15:07

CWE-116

[email protected]

web.nvd.nist.gov

1

php versions

proc_open()

array syntax

arbitrary command execution

windows shell

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

References

www.openwall.com/lists/oss-security/2024/04/12/11

www.openwall.com/lists/oss-security/2024/06/07/1

github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/

lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/

security.netapp.com/advisory/ntap-20240510-0009/

9.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

8.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

Related for NVD:CVE-2024-1874

cve2 alpinelinux2 redhatcve2 ubuntucve2 osv5 cvelist2 vulnrichment1 debiancve2 openvas12 nvd1 cert1 mageia1 nessus23 slackware2 fedora5 freebsd1 thn1