2 matches found
BIT-LIBPHP-2024-5585 Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using procopen command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...
CVE-2024-1874
creationtimestamp| type| source ---|---|--- 2024-04-15 15:02:52+00:00| seen| https://t.me/cultofwire/1255 2024-07-18 15:28:53+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8020 2025-11-20 10:52:56+00:00| seen| https://bsky.app/profile/ferramentaslinux.bsky.social/post/3m62lztqs2s2...