Lucene search
Ubuntu.comUB:CVE-2024-1874HistoryApr 29, 2024 - 12:00 a.m.
CVE-2024-1874
2024-04-2900:00:00
ubuntu.com
ubuntu.com
38
command injection
proc_open
array-ish parameter
windows
debian
pear
php
In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before
8.3.5, when using proc_open() command with array syntax, due to
insufficient escaping, if the arguments of the executed command are
controlled by a malicious user, the user can supply arguments that would
execute arbitrary commands in Windows shell.
Notes
| Author | Note |
|---|---|
| leosilva | from debian “Only affects improper handling of command line arguments on Windows” |
| sbeattie | PEAR issues should go against php-pear as of xenial |
References
Related
redhatcve
redhatcve
CVE-2024-1874
2024-04-15 14:50:00
cvelist
cvelist
osv
osv
CVE-2024-1874
2024-04-29 04:15:07
process: command injection via argument list on Windows
2024-04-09 22:14:47
debiancve
debiancve
CVE-2024-1874
2024-04-29 04:15:07
alpinelinux
alpinelinux
CVE-2024-1874
2024-04-29 04:15:07
cve
cve
CVE-2024-1874
2024-04-29 04:15:07
openvas
openvas
Slackware: Security Advisory (SSA:2024-103-01)
2024-04-15 00:00:00
Mageia: Security Advisory (MGASA-2024-0132)
2024-04-15 00:00:00
nessus
nessus
PHP 8.2.x < 8.2.18 Multiple Vulnerabilities
2024-04-11 00:00:00
PHP 8.1.x < 8.1.28 Multiple Vulnerabilities
2024-04-12 00:00:00
cert
cert
mageia
mageia
Updated php packages fix security vulnerabilities
2024-04-13 19:56:38
slackware
slackware
[slackware-security] php
2024-04-12 19:36:41
fedora
fedora
[SECURITY] Fedora 39 Update: php-8.2.18-1.fc39
2024-04-19 01:18:35
[SECURITY] Fedora 38 Update: php-8.2.18-1.fc38
2024-04-19 02:53:20
[SECURITY] Fedora 40 Update: php-8.3.6-1.fc40
2024-04-19 21:43:53
freebsd
freebsd
php -- Multiple vulnerabilities
2024-04-11 00:00:00
thn
thn
Critical 'BatBadBut' Rust Vulnerability Exposes Windows Systems to Attacks
2024-04-10 03:05:00