467 matches found

CNNVD
added 2024/06/09 12:0 a.m. · 6 views

PHP Security Vulnerabilities

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if the parameters to execute the commands are under the control o...

8.8 CVSS · 7.2 AI score · 0.00874 EPSS
Exploits 2 · References 6
Positive Technologies
added 2024/06/06 12:0 a.m. · 3 views

PT-2024-4988 · Php +2

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1. before 8.1.29; PHP versions 8.2. before 8.2.20; PHP versions 8.3. before 8.3.8. Description: The issue arises from insufficient escaping when using the proc_open function with array syntax, allowing a malicious user to supply...

9.8 CVSS · 7.7 AI score · 0.94374 EPSS
Exploits 78 · References 119
Tenable Nessus
added 2024/06/06 12:0 a.m. · 51 views

PHP 8.3.x < 8.3.8 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly...

9.8 CVSS · 8.3 AI score · 0.94374 EPSS
Exploits 104 · References 6
Tenable Nessus
added 2024/06/06 12:0 a.m. · 72 views

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properl...

9.8 CVSS · 8.3 AI score · 0.94374 EPSS
Exploits 104 · References 6
NVD
added 2024/04/29 4:15 a.m. · 34 views

CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 8.9 AI score · 0.68573 EPSS
Exploits 2 · References 10
OSV
added 2024/04/29 4:15 a.m. · 46 views

CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 8.9 AI score · 0.68573 EPSS
Exploits 3 · References 10
OSV
added 2024/04/29 4:15 a.m. · 5 views

AZL-40052 CVE-2024-1874 affecting package php for versions less than 8.3.8-1

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 6.7 AI score · 0.68573 EPSS
Exploits 2 · References 1
Cvelist
added 2024/04/29 3:57 a.m. · 35 views

CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 9.8 AI score · 0.68573 EPSS
Exploits 2 · References 6
Vulnrichment
added 2024/04/29 3:57 a.m. · 47 views

CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 8.9 AI score · 0.68573 EPSS
Exploits 2 · References 6
Debian CVE
added 2024/04/29 3:57 a.m. · 86 views

CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4 CVSS · 6.9 AI score · 0.68573 EPSS
Exploits 2
CVE
added 2024/04/29 3:57 a.m. · 280 views

CVE-2024-1874

This CVE affects PHP 8.1.x up to before 8.1.28, 8.2.x up to before 8.2.18, and 8.3.x up to before 8.3.5. The root cause is insufficient escaping when using proc_open() with array syntax, allowing a malicious user to pass arguments that can execute arbitrary commands in Windows shell. Impact is re...

9.4 CVSS · 8.9 AI score · 0.68573 EPSS
Exploits 2 · References 10 · Affected Software 1
CNNVD
added 2024/04/29 12:0 a.m. · 2 views

PHP Security Vulnerability

PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that originates when using the proc_open command with array syntax, due to insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if...

9.4 CVSS · 6.7 AI score · 0.68573 EPSS
Exploits 3 · References 9
OSV
added 2023/05/17 1:15 p.m. · 3 views

CVE-2023-31702

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1...

7.2 CVSS · 7.5 AI score · 0.07481 EPSS
Exploits 5 · References 2
BDU FSTEC
added 2022/08/02 12:0 a.m. · 3 views

The vulnerability of the Windows Shell component of Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Shell component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

8.4 CVSS · 8.2 AI score · 0.00332 EPSS
Exploits 0 · References 3
OSV
added 2022/07/12 11:15 p.m. · 0 views

CVE-2022-30222

Windows Shell Remote Code Execution Vulnerability...

8.4 CVSS · 7.6 AI score · 0.00332 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2022/07/12 11:15 p.m. · 2 views

CVE-2022-30222

Windows Shell Remote Code Execution Vulnerability...

8.4 CVSS · 7.6 AI score · 0.00332 EPSS
Exploits 0 · References 3 · Affected Software 12
NVD
added 2022/07/12 11:15 p.m. · 21 views

CVE-2022-30222

Windows Shell Remote Code Execution Vulnerability...

8.4 CVSS · 0.00332 EPSS
Exploits 0 · References 1
Cvelist
added 2022/07/12 10:37 p.m. · 19 views

CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability

...

8.4 CVSS · 8.8 AI score · 0.00332 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/07/12 10:37 p.m. · 20 views

CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability

...

8.4 CVSS · 6.9 AI score · 0.00332 EPSS
Exploits 0 · References 1
CNNVD
added 2022/07/12 12:0 a.m. · 4 views

Microsoft Windows Shell Input Validation Error Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft, U.S.A. Easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. On some versions of Windows,...

8.4 CVSS · 8.1 AI score · 0.00332 EPSS
Exploits 0 · References 6