Amazon Linux 2 : php (ALASPHP8.0-2023-005)

The version of php installed on the remote host is prior to 8.0.24-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2PHP8.0-2023-005 advisory. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip...

PHP 7.4.x < 7.4.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.32, 8.0.x prior to 8.0.24, or 8.1.x prior to 8.1.11. It is, therefore, affected by multiple vulnerabilities: - The phar uncompressor code would recursively uncompress quines gzip...

PHP 8.0.x < 8.0.24 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.0.24. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.24 advisory. - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files,...

Code injection

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a Host- or Secure- cookie by PHP applications...