
23 matches found

Tenable Nessus
added 2025/08/26 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-29895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated us...

CVSS 10 | AI score 6.4 | EPSS 0.94378
Exploits: 4 | References: 2
VulnCheck KEV
added 2025/06/08 12:0 a.m. | 4 views

VulnCheck KEV: CVE-2024-52301

Laravel is a web application framework. When the register_argc_argv php directive is set to on, and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7,...

CVSS 8.7 | AI score 5.8 | EPSS 0.37981
Exploits: 1 | References: 1
OSV
added 2024/12/18 8:37 p.m. | 22 views

CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...

CVSS 9.3 | AI score 9.3 | EPSS 0.97446
Exploits: 9 | References: 6
CVE
added 2024/12/18 8:37 p.m. | 3633 views

CVE-2024-56145

Craft CMS is affected by CVE-2024-56145 due to a code execution vector triggered when php.ini register_argc_argv is enabled. Reports indicate an RCE vulnerability exists in affected versions, with remediation via upgrading to Craft CMS 3.9.14, 4.13.2, or 5.5.2. If upgrading is not possible, the r...

CVSS 9.8 | AI score 7.4 | EPSS 0.97446
In wild | Exploits: 9 | References: 4 | Affected Software: 1
Vulnrichment
added 2024/12/18 8:37 p.m. | 26 views

CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...

CVSS 9.3 | AI score 7.4 | EPSS 0.97446
Exploits: 9 | References: 2
Cvelist
added 2024/12/18 8:37 p.m. | 35 views

CVE-2024-56145 RCE when PHP `register_argc_argv` config setting is enabled in craftcms/cms

Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has register_argc_argv enabled. For these users an unspecified remote code execution vector is present...

CVSS 9.3 | EPSS 0.97446
Exploits: 9 | References: 2
OSV
added 2024/12/18 7:47 p.m. | 18 views

GHSA-2P6P-9RC9-62J9 Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled

Impact: You are affected if your php.ini configuration has register_argc_argv enabled. Patches: Update to 3.9.14, 4.13.2, or 5.5.2. Workarounds: If you can't upgrade yet, and register_argc_argv is enabled, you can disable it to mitigate the issue...

CVSS 9.8 | AI score 9.3 | EPSS 0.97446
Exploits: 9 | References: 6
BDU FSTEC
added 2024/11/21 12:0 a.m. | 4 views

The vulnerability of the `register_argc_argv` configuration in the PHP framework Laravel allows attackers to compromise the integrity of the protected information.

The vulnerability in the register_argc_argv configuration in the Laravel PHP framework is related to the improper elimination of arguments separators in the command. Exploiting this vulnerability allows an attacker to compromise the integrity of the protected information from a remote location...

CVSS 7.8 | AI score 5.5 | EPSS 0.37981
Exploits: 1 | References: 7 | Affected Software: 1
CVE
added 2024/11/12 7:32 p.m. | 469 views

CVE-2024-52301

CVE-2024-52301 affects the Laravel framework. When the PHP directive register_argc_argv is on, a crafted query string can alter the request-handling environment on non-cli SAPIs. This article notes the fix: Laravel now ignores argv values for environment detection on non-cli SAPIs, and the vulner...

CVSS 8.7 | AI score 6.8 | EPSS 0.37981
Exploits: 1 | References: 2 | Affected Software: 1
VulnCheck KEV
added 2024/08/06 12:0 a.m. | 6 views

VulnCheck KEV: CVE-2024-29895

Cacti provides an operational monitoring and fault management framework. A command injection vulnerability on the 1.3.x DEV branch allows any unauthenticated user to execute arbitrary command on the server when register_argc_argv option of PHP is On. In cmd_realtime.php line 119, the...

CVSS 10 | AI score 6.1 | EPSS 0.94378
Exploits: 4 | References: 1
BDU FSTEC
added 2024/05/16 12:0 a.m. | 3 views

The vulnerability of the “register_argc_argv” option in the Cacti network monitoring software allows a hacker to execute arbitrary commands.

The vulnerability of the Cacti network monitoring software’s option register_argc_argv is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely by injecting a specially crafted URL address...

CVSS 10 | AI score 7 | EPSS 0.94378
Exploits: 4 | References: 6
Amazon
added 2023/10/24 12:0 a.m. | 4 views

Medium: composer

Issue Overview: Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions...

CVSS 8.8 | AI score 8.1 | EPSS 0.01378
Exploits: 0
Tenable Nessus
added 2023/10/24 12:0 a.m. | 24 views

Amazon Linux 2023 : composer (ALAS2023-2023-384)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-384 advisory. Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code executi...

CVSS 8.8 | AI score 7.5 | EPSS 0.01378
Exploits: 0 | References: 4
SUSE CVE
added 2023/10/03 2:1 a.m. | 3 views

SUSE CVE-2023-43655

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

CVSS 6.4 | AI score 8.2 | EPSS 0.01378
Exploits: 0 | References: 8
Veracode
added 2023/10/02 6:25 p.m. | 29 views

Remote Code Execution (RCE)

composer/composer is vulnerable to Remote Code Execution (RCE). The vulnerability exists because the register_argc_argv is not properly disabled in php.ini, which allows an attacker to inject and execute malicious code through the malicious composer.phar file when publishing a composer.phar to a publ...

CVSS 8.8 | AI score 7.5 | EPSS 0.01378
Exploits: 0 | References: 10 | Affected Software: 2
Github Security Blog
added 2023/09/29 8:39 p.m. | 126 views

Composer Remote Code Execution vulnerability via web-accessible composer.phar

Impact: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Patches: 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds: Make sure register_argc_argv i...

CVSS 8.8 | AI score 7.2 | EPSS 0.01378
Exploits: 0 | References: 10 | Affected Software: 1
OSV
added 2023/09/29 8:39 p.m. | 18 views

GHSA-JM6M-4632-36HF Composer Remote Code Execution vulnerability via web-accessible composer.phar

Impact: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Patches: 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Workarounds: Make sure register_argc_argv i...

CVSS 8.8 | AI score 7.2 | EPSS 0.01378
Exploits: 0 | References: 10
Prion
added 2023/09/29 8:15 p.m. | 24 views

Remote code execution

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

CVSS 6.5 | AI score 8.9 | EPSS 0.01378
Exploits: 0 | References: 7 | Affected Software: 2
AlpineLinux
added 2023/09/29 7:33 p.m. | 29 views

CVE-2023-43655

Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has register_argc_argv enabled in php.ini. Versions 2.6.4, 2.2.22 an...

CVSS 8.8 | AI score 8 | EPSS 0.01378
Exploits: 0
FreeBSD
added 2023/09/29 12:0 a.m. | 26 views

Remote Code Execution via web-accessible composer

Composer project reports: Description: Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be impacted if PHP also has register_argc_argv enabled in php.ini. Workaround: Make sure register_argc_argv is disabled in php.ini, and...

CVSS 8.8 | AI score 7 | EPSS 0.01378
Exploits: 0 | References: 1