php: Filter bypass in filter_var (FILTER_VALIDATE_URL)

A flaw was found in PHP. An early return in the filtervar FILTERVALIDATEURL function results in invalid user information username + password part of URLs being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filtervar...

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1. before 8.1.29, and 8.2. before 8.2.20, and 8.3. before 8.3.8, due to a code logic error, filtering functions such as filterVar when validating URLs using FILTERVALIDATEURL will result in invalid user information such as username and password parts of URLs being treated as val...

PHP 操作系统命令注入漏洞

PHP is a scripting language for PHP that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.29, prior to 8.2.20, and prior to 8.3.8, which stems from a misconfiguration when using a Windows code page with a non-standard configuration that points to the OEM...

GLSA-202408-32 : PHP: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202408-32 PHP: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability with attribute CVE-2024-4577 is actually a re-entry of the vulnerability with attribute CVE-2012-1823. This vulnerability allows th...

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...

CVE-2024-5585

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if the parameters to execute the commands are under the control o...

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP, which stems from a code logic error, where a filter function validating URLs incorrectly treats invalid user information containing username and password sections as valid user information for...

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php- cgi, does not properl...

PT-2024-4988 · Php +2 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. before 8.1.29 PHP versions 8.2. before 8.2.20 PHP versions 8.3. before 8.3.8 Description: The issue arises from insufficient escaping when using the proc open function with array syntax, allowing a malicious user to supply...