21 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-29895
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated us...
VulnCheck KEV: CVE-2024-52301
Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7,...
CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...
CVE-2024-56145
Craft CMS is affected by CVE-2024-56145 due to a code execution vector triggered when php.ini register_argc_argv is enabled. Reports indicate an RCE vulnerability exists in affected versions, with remediation via upgrading to Craft CMS 3.9.14, 4.13.2, or 5.5.2. If upgrading is not possible, the r...
CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...
CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...
GHSA-2P6P-9RC9-62J9 Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Impact: You are affected if your php.ini configuration has register_argc_argv enabled. Patches: Update to 3.9.14, 4.13.2, or 5.5.2. Workarounds: If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue...
CVE-2024-52301
CVE-2024-52301 affects the Laravel framework. When the PHP directive register_argc_argv is on, a crafted query string can alter the request-handling environment on non-cli SAPIs. This article notes the fix: Laravel now ignores argv values for environment detection on non-cli SAPIs, and the vulner...
VulnCheck KEV: CVE-2024-29895
Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmdrealtime.php line 119, the...
Amazon Linux 2023 : composer (ALAS2023-2023-384)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-384 advisory. Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code executi...
Medium: composer
Issue Overview: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions...
SUSE CVE-2023-43655
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
Remote Code Execution (RCE)
composer/composer is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the register_argc_argv is not properly disabled in php.ini, which allows an attacker to inject and execute malicious code through the malicious composer.phar file when publishing a composer.phar to a publ...
GHSA-JM6M-4632-36HF Composer Remote Code Execution vulnerability via web-accessible composer.phar
Impact: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Patches: 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds: Make sure register_argc_argv i...
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Impact: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Patches: 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds: Make sure register_argc_argv i...
Remote code execution
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
CVE-2023-43655
Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...
Remote Code Execution via web-accessible composer
Composer project reports: Description: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Workaround: Make sure register_argc_argv is disabled in php.ini, and...
FreeBSD : Remote Code Execution via web-accessible composer (33922b84-5f09-11ee-b63d-0897988a1c07)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 33922b84-5f09-11ee-b63d-0897988a1c07 advisory. - Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible...
CVE-2006-6799
CVE-2006-6799 : SQL injection in Cacti 0.8.6i and earlier when register_argc_argv is enabled. An attacker can supply the second or third argument to cmd.php to inject arbitrary SQL; the query results in polling_items are later used in a popen function, enabling potential arbitrary command executi...