Lucene search
K

29 matches found

Tenable Nessus
Tenable Nessus
added 2025/06/16 12:0 a.m.19 views

TencentOS Server 4: php (TSSA-2025:0004)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0004 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

9.4CVSS8.1AI score0.32568EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2024/07/18 3:25 p.m.1174 views

Exploit for Improper Encoding or Escaping of Output in Php

CVE-2024-1874 Proof Of Concept for CVE-2024-1874https://nvd...

9.4CVSS9.4AI score0.32568EPSS
Exploits2
CBLMariner
CBLMariner
added 2024/07/02 11:30 p.m.30 views

CVE-2024-1874 affecting package php for versions less than 8.3.8-1

CVE-2024-1874 affecting package php for versions less than 8.3.8-1. An upgraded version of the package is available that resolves this issue...

9.4CVSS7AI score0.32568EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/07/02 12:0 a.m.32 views

CBL Mariner 2.0 Security Update: php (CVE-2024-1874)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-1874 advisory. - In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with arra...

9.4CVSS7.9AI score0.32568EPSS
Exploits2References2
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.6 views

Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

...

9.4CVSS7AI score0.32568EPSS
Exploits3
OSV
OSV
added 2024/06/12 7:30 a.m.41 views

BIT-PHP-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

9.4CVSS9AI score0.32568EPSS
Exploits3References7
RedhatCVE
RedhatCVE
added 2024/06/11 2:28 p.m.72 views

CVE-2024-5585

In PHP, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments tha...

9.4CVSS8.8AI score0.32568EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.262 views

PHP 8.1.x < 8.1.29 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...

9.8CVSS8.8AI score0.99998EPSS
Exploits105References6
Tenable Nessus
Tenable Nessus
added 2024/06/10 12:0 a.m.54 views

PHP 8.3.x < 8.3.8 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities: - An argument Injection in PHP-CGI with a bypass of CVE-2012-1823...

9.8CVSS8.8AI score0.99998EPSS
Exploits105References6
Cvelist
Cvelist
added 2024/06/09 6:36 p.m.141 views

CVE-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

7.7CVSS0.28807EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/06/09 6:36 p.m.76 views

CVE-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...

7.7CVSS8.1AI score0.28807EPSS
Exploits1References5
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.39 views

Slackware: Security Advisory (SSA:2024-158-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.6AI score0.99998EPSS
Exploits105References8
Tenable Nessus
Tenable Nessus
added 2024/06/06 12:0 a.m.70 views

Slackware Linux 15.0 / current php81 Multiple Vulnerabilities (SSA:2024-158-01)

The version of php81 installed on the remote host is prior to 8.1.29 / 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-158-01 advisory. New php packages are available for Slackware 15.0 and -current to fix security issues. Tenable has extracted the...

9.8CVSS7.7AI score0.99998EPSS
Exploits105References6
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.30 views

Fedora: Security Advisory (FEDORA-2024-5e8ae0def0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.5AI score0.49336EPSS
Exploits6References30
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.29 views

Fedora: Security Advisory for php (FEDORA-2024-39d50cc975)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.3AI score0.49336EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.28 views

Fedora: Security Advisory (FEDORA-2024-b46619f761)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.4CVSS8.5AI score0.49336EPSS
Exploits5References26
Cvelist
Cvelist
added 2024/04/29 3:57 a.m.43 views

CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()

In PHP versions 8.1. before 8.1.28, 8.2. before 8.2.18, 8.3. before 8.3.5, when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...

9.4CVSS9.8AI score0.32568EPSS
Exploits2References6
CVE
CVE
added 2024/04/29 3:57 a.m.302 views

CVE-2024-1874

This CVE affects PHP 8.1.x up to before 8.1.28, 8.2.x up to before 8.2.18, and 8.3.x up to before 8.3.5. The root cause is insufficient escaping when using proc_open() with array syntax, allowing a malicious user to pass arguments that can execute arbitrary commands in Windows shell. Impact is re...

9.4CVSS8.9AI score0.32568EPSS
Exploits2References10Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/04/29 12:0 a.m.31 views

Fedora 40 : php (2024-5e8ae0def0)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5e8ae0def0 advisory. PHP version 8.3.6 11 Apr 2024 Core: Fixed GH-13569 GC buffer unnecessarily grows up to GCMAXBUFSIZE when scanning WeakMaps. Arnaud Fixed bug GH-1361...

9.4CVSS7.9AI score0.49336EPSS
Exploits6References6
Tenable Nessus
Tenable Nessus
added 2024/04/23 12:0 a.m.905 views

PHP 8.2.x < 8.2.18 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.28, 8.2.x prior to 8.2.18, or 8.3.x prior to 8.3.6. It is, therefore, affected by multiple vulnerabilities: - A command injection via array-ish $command parameter of procopen...

9.4CVSS8.3AI score0.49336EPSS
Exploits6References5
Rows per page
Query Builder