Lucene search
Redhat.comRH:CVE-2024-1874HistoryApr 15, 2024 - 2:50 p.m.
CVE-2024-1874
2024-04-1514:50:00
redhat.com
access.redhat.com
60
cve-2024-1874
command injection
php
windows
createprocess
batch files
A command injection flaw was found in PHP, exclusive to Windows environments. This flaw allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function in specific conditions. The CreateProcess function implicitly uses cmd.exe when executing batch files, which has complicated parsing rules for arguments that have not fully escaped. It is possible to inject commands if an attacker can control part of the command arguments of the batch file.
Related
ubuntucve
ubuntucve
CVE-2024-1874
2024-04-29 00:00:00
cvelist
cvelist
osv
osv
BIT-php-2024-1874
2024-05-14 07:29:52
CVE-2024-1874
2024-04-29 04:15:07
process: command injection via argument list on Windows
2024-04-09 22:14:47
cve
cve
CVE-2024-1874
2024-04-29 04:15:07
alpinelinux
alpinelinux
CVE-2024-1874
2024-04-29 04:15:07
debiancve
debiancve
CVE-2024-1874
2024-04-29 04:15:07
openvas
openvas
Slackware: Security Advisory (SSA:2024-103-01)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0132)
2024-04-15 00:00:00
nessus
nessus
PHP 8.1.x < 8.1.28 Multiple Vulnerabilities
2024-04-12 00:00:00
PHP 8.2.x < 8.2.18 Multiple Vulnerabilities
2024-04-11 00:00:00
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
cert
cert
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00
thn
thn
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
2024-04-10 03:05:00