11 matches found

RedHat Linux
added 2024/12/11 4:20 p.m. | 6 views

php: Filter bypass in filter_var (FILTER_VALIDATE_URL)

A flaw was found in PHP. An early return in the filter_var FILTER_VALIDATE_URL function results in invalid user information (username + password part of URLs) being treated as valid user information. This issue impacts users who expect only completely valid URLs to be returned by filter_var...

CVSS 5.3 | AI score 6.4 | EPSS 0.12117
Exploits: 1 | References: 5
AstraLinux
added 2024/11/23 3:4 a.m. | 4 views

Astra Linux – Vulnerability in PHP 8.2

In PHP versions 8.1.* before 8.1.29, and 8.2.* before 8.2.20, and 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs using FILTER_VALIDATE_URL will result in invalid user information such as username and password parts of URLs being treated as val...

CVSS 5.3 | AI score 6.6 | EPSS 0.12117
Exploits: 1 | References: 3
CNNVD
added 2024/10/07 12:0 a.m. | 3 views

PHP OS command injection vulnerability

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP versions prior to 8.1.29, prior to 8.2.20, and prior to 8.3.8, which stems from a misconfiguration when using a Windows code page with a non-standard configuration that points to the OEM...

CVSS 8.8 | AI score 7.1 | EPSS 0.03686
Exploits: 65 | References: 6
Tenable Nessus
added 2024/08/14 12:0 a.m. | 22 views

GLSA-202408-32 : PHP: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202408-32 (PHP: Multiple Vulnerabilities). Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly from the...

CVSS 9.8 | AI score 7.7 | EPSS 0.99987
Exploits: 74 | References: 19
Tenable Product Security Advisories
added 2024/07/09 12:33 p.m. | 10 views

[R1] Stand-alone Security Patch Available for Tenable Security Center versions 6.2.1, 6.3.0 and 6.4.0: SC-202407.1

Arnie Cabral, Tue, 07/09/2024 - 08:33. Security Center leverages third-party software to help provide underlying functionality. One of the third-party components (PHP) was found to contain...

AI score 7.6
Exploits: 0
Tenable Nessus
added 2024/06/13 12:0 a.m. | 32 views

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 (06 Jun 2024). CGI: Fixed buffer limit on Windows, replacing read call usage by _read. (David Carlier) Fixed bug GHSA-3qgc-jrrr-25jv...

CVSS 9.8 | AI score 8.2 | EPSS 0.99998
Exploits: 105 | References: 7
NCSC
added 2024/06/10 7:2 a.m. | 8 views

Vulnerabilities fixed in PHP

Vulnerabilities have been fixed in PHP. A malicious person could exploit the vulnerabilities to execute arbitrary code with application privileges. The vulnerability with attribute CVE-2024-4577 is actually a re-entry of the vulnerability with attribute CVE-2012-1823. This vulnerability allows th...

CVSS 9.8 | AI score 9.1 | EPSS 0.99998
Exploits: 104 | References: 4
UbuntuCve
added 2024/06/09 7:15 p.m. | 39 views

CVE-2024-5585

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

CVSS 8.8 | AI score 6.7 | EPSS 0.28807
Exploits: 1 | References: 2
CNNVD
added 2024/06/09 12:0 a.m. | 6 views

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if the parameters to execute the commands are under the control o...

CVSS 8.8 | AI score 7.2 | EPSS 0.28807
Exploits: 1 | References: 6
CNNVD
added 2024/06/09 12:0 a.m. | 3 views

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP, which stems from a code logic error, where a filter function validating URLs incorrectly treats invalid user information containing username and password sections as valid user information for...

CVSS 5.3 | AI score 9.1 | EPSS 0.12117
Exploits: 1 | References: 4
Positive Technologies
added 2024/06/06 12:0 a.m. | 5 views

PT-2024-4988 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.* before 8.1.29; PHP versions 8.2.* before 8.2.20; PHP versions 8.3.* before 8.3.8. Description: The issue arises from insufficient escaping when using the proc_open function with array syntax, allowing a malicious user to supply...

CVSS 9.8 | AI score 7.7 | EPSS 0.99987
Exploits: 78 | References: 119