469 matches found
CVE-2024-5585
The CVE-2024-5585 issue affects PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8. It is a follow-on to CVE-2024-1874: the fix for that vulnerability does not work when the command name includes trailing spaces while using proc_open() with array syntax, enabling potent...
CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command ar...
PHP Security Vulnerabilities
PHP is a scripting language that executes on the server side. A security vulnerability exists in PHP that stems from insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if the parameters to execute the commands are under the control o...
PHP 8.1.x < 8.1.29 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.29. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.29 advisory. - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properl...
PHP 8.3.x < 8.3.8 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.3.8. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.3.8 advisory. - sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php-cgi, does not properly...
PT-2024-4988 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.* before 8.1.29; PHP versions 8.2.* before 8.2.20; PHP versions 8.3.* before 8.3.8. Description: The issue arises from insufficient escaping when using the proc_open function with array syntax, allowing a malicious user to supply...
AZL-40052 CVE-2024-1874 affecting package php for versions less than 8.3.8-1
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-1874
This CVE affects PHP 8.1.x before 8.1.28, 8.2.x before 8.2.18, and 8.3.x before 8.3.5. The root cause is insufficient escaping when using proc_open() with array syntax, allowing a malicious user to pass arguments that can execute arbitrary commands in the Windows shell. Impact is re...
CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
CVE-2024-1874
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands ...
PHP Security Vulnerability
PHP is a scripting language that is executed server-side. A security vulnerability exists in PHP that arises when using the proc_open command with array syntax, due to insufficient escaping, which allows a user to supply parameters to execute arbitrary commands in the Windows shell if...
CVE-2023-31702
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows a remote attacker to dump the entire database and gain a Windows XP command shell to perform code execution on the database server via GetUserCurrentPwd?UsrId=1...
The vulnerability of the Windows Shell component of Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the Windows Shell component in Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2022-30222
Windows Shell Remote Code Execution Vulnerability...
CVE-2022-30222
Windows Shell Remote Code Execution Vulnerability...
CVE-2022-30222
Windows Shell Remote Code Execution Vulnerability...
CVE-2022-30222 Windows Shell Remote Code Execution Vulnerability
...