Lucene search

K
redosRedosROS-20240826-02
HistoryAug 26, 2024 - 12:00 a.m.

ROS-20240826-02

2024-08-2600:00:00
redos.red-soft.ru
7
php
password_verify()
vulnerability
remote attackers
bypass authentication
unauthorized access
web application
unix

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

Low

Vulnerability of password_verify() function of PHP programming language interpreter is related to flaws in the authentication procedure.
of the authentication procedure. Exploitation of the vulnerability could allow an attacker acting remotely
Bypass the authentication process and gain unauthorized access to the web application

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64php< 8.1.29-1UNKNOWN

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.7

Confidence

Low