2 matches found
AZL-42424 CVE-2024-4577 affecting package php for versions less than 8.1.29-1
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
PHP OS Command Injection Vulnerability
PHP is a scripting language that executes on the server side. PHP suffers from an operating system command injection vulnerability that arises when, under certain conditions, the Windows system replaces characters on the command line with the "Best-Fit" behavior, which may cause the PHP CGI modul...