Vulnerabilites related to php-fpm - php-fpm
cve-2024-8925
Vulnerability from cvelistv5
Published
2024-10-08 03:35
Modified
2025-03-17 17:56
Severity ?
EPSS score ?
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "php", vendor: "php", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.0", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.0", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8925", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T12:56:50.614930Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-17T17:56:24.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "PHP", vendor: "PHP Group", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.*", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.*", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Mihail Kirov", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>In PHP versions<span style=\"background-color: var(--wht);\"> 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, e</span>rroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. </p><br><br>", }, ], value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.", }, ], impacts: [ { capecId: "CAPEC-153", descriptions: [ { lang: "en", value: "CAPEC-153 Input Data Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T03:35:02.673Z", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { url: "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32", }, ], source: { discovery: "EXTERNAL", }, title: "Erroneous parsing of multipart form data", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2024-8925", datePublished: "2024-10-08T03:35:02.673Z", dateReserved: "2024-09-17T03:59:29.523Z", dateUpdated: "2025-03-17T17:56:24.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2015-3211
Vulnerability from cvelistv5
Published
2017-08-25 18:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1228721 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T05:39:31.808Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228721", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2015-06-05T00:00:00", descriptions: [ { lang: "en", value: "php-fpm allows local users to write to or create arbitrary files via a symlink attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-25T17:57:02", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228721", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2015-3211", datePublished: "2017-08-25T18:00:00", dateReserved: "2015-04-10T00:00:00", dateUpdated: "2024-08-06T05:39:31.808Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-9026
Vulnerability from cvelistv5
Published
2024-10-08 04:07
Modified
2024-10-08 13:52
Severity ?
EPSS score ?
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "php", vendor: "php", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.0", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.0", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-9026", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T12:47:58.418408Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T13:52:08.340Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PHP", vendor: "PHP Group", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.*", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.*", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "Sébastien Rolland", }, ], datePublic: "2024-09-27T17:50:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if <span style=\"background-color: rgb(255, 255, 255);\">PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability. </span><br>", }, ], value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.", }, ], impacts: [ { capecId: "CAPEC-268", descriptions: [ { lang: "en", value: "CAPEC-268 Audit Log Manipulation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-158", description: "CWE-158: Improper Neutralization of Null Byte or NUL Character", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-117", description: "CWE-117: Improper Output Neutralization for Logs", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T04:07:33.452Z", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { url: "https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5", }, ], source: { discovery: "EXTERNAL", }, title: "PHP-FPM logs from children may be altered", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2024-9026", datePublished: "2024-10-08T04:07:33.452Z", dateReserved: "2024-09-20T00:15:42.321Z", dateUpdated: "2024-10-08T13:52:08.340Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8927
Vulnerability from cvelistv5
Published
2024-10-08 03:56
Modified
2025-03-18 16:16
Severity ?
EPSS score ?
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "php", vendor: "php", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.0", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.0", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8927", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T12:50:40.800289Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1220", description: "CWE-1220 Insufficient Granularity of Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-18T16:16:00.693Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "PHP", vendor: "PHP Group", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.*", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.*", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Owen Gong", }, { lang: "en", type: "finder", value: "RyotaK", }, ], datePublic: "2024-09-27T17:50:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP. ", }, ], value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.", }, ], impacts: [ { capecId: "CAPEC-252", descriptions: [ { lang: "en", value: "CAPEC-252 PHP Local File Inclusion", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T03:56:31.849Z", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { url: "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp", }, ], source: { discovery: "EXTERNAL", }, title: "cgi.force_redirect configuration is bypassable due to the environment variable collision", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2024-8927", datePublished: "2024-10-08T03:56:31.849Z", dateReserved: "2024-09-17T04:09:57.362Z", dateUpdated: "2025-03-18T16:16:00.693Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8926
Vulnerability from cvelistv5
Published
2024-10-08 03:48
Modified
2025-04-24 21:12
Severity ?
EPSS score ?
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
References
Impacted products
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "php", vendor: "php", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.0", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.0", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8926", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-08T12:55:27.311454Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-08T13:52:37.171Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", platforms: [ "Windows", ], product: "PHP", vendor: "PHP Group", versions: [ { lessThan: "8.1.30", status: "affected", version: "8.1.*", versionType: "semver", }, { lessThan: "8.2.24", status: "affected", version: "8.2.*", versionType: "semver", }, { lessThan: "8.3.12", status: "affected", version: "8.3.*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "https://github.com/MortalAndTry", }, ], datePublic: "2024-09-27T17:50:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, <span style=\"background-color: rgb(255, 255, 255);\">when using a certain non-standard configurations of Windows codepages, the fixes for <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/advisories/GHSA-vxpp-6299-mxw3\">CVE-2024-4577</a> may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This <span style=\"background-color: rgb(255, 255, 255);\">may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.</span></span><br>", }, ], value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.", }, ], impacts: [ { capecId: "CAPEC-88", descriptions: [ { lang: "en", value: "CAPEC-88 OS Command Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-78", description: "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-24T21:12:33.554Z", orgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", shortName: "php", }, references: [ { url: "https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq", }, ], source: { advisory: "https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp", discovery: "EXTERNAL", }, title: "PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "dd77f84a-d19a-4638-8c3d-a322d820ed2b", assignerShortName: "php", cveId: "CVE-2024-8926", datePublished: "2024-10-08T03:48:53.628Z", dateReserved: "2024-09-17T04:06:56.550Z", dateUpdated: "2025-04-24T21:12:33.554Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2017-08-25 18:29
Modified
2025-04-20 01:37
Severity ?
Summary
php-fpm allows local users to write to or create arbitrary files via a symlink attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1228721 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1228721 | Issue Tracking, Third Party Advisory, VDB Entry |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php-fpm:php-fpm:-:*:*:*:*:*:*:*", matchCriteriaId: "76134B1F-9147-4E02-A646-2FB75A13ACB1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "php-fpm allows local users to write to or create arbitrary files via a symlink attack.", }, { lang: "es", value: "php-fpm permite que usuarios locales escriban o creen archivos arbitrarios mediante un ataque symlink.", }, ], id: "CVE-2015-3211", lastModified: "2025-04-20T01:37:25.860", metrics: { cvssMetricV2: [ { acInsufInfo: true, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-08-25T18:29:00.683", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228721", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", "VDB Entry", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1228721", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2025-03-18 17:15
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@php.net | https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", versionEndExcluding: "8.1.30", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", versionEndExcluding: "8.2.24", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "8F7936E2-4290-48A4-A857-929E9CEDBDF5", versionEndExcluding: "8.3.12", versionStartIncluding: "8.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.", }, { lang: "es", value: "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, la variable HTTP_REDIRECT_STATUS se utiliza para comprobar si el servidor HTTP está ejecutando o no el binario CGI. Sin embargo, en determinados escenarios, el remitente de la solicitud puede controlar el contenido de esta variable a través de los encabezados HTTP, lo que puede provocar que la opción cgi.force_redirect no se aplique correctamente. En determinadas configuraciones, esto puede provocar la inclusión arbitraria de archivos en PHP.", }, ], id: "CVE-2024-8927", lastModified: "2025-03-18T17:15:44.707", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@php.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-08T04:15:10.867", references: [ { source: "security@php.net", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/php/php-src/security/advisories/GHSA-94p6-54jq-9mwp", }, ], sourceIdentifier: "security@php.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-1220", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2024-10-16 18:30
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@php.net | https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", versionEndExcluding: "8.1.30", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", versionEndExcluding: "8.2.24", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "8F7936E2-4290-48A4-A857-929E9CEDBDF5", versionEndExcluding: "8.3.12", versionStartIncluding: "8.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.", }, { lang: "es", value: "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, cuando se utiliza PHP-FPM SAPI y está configurado para capturar la salida de los trabajadores mediante catch_workers_output = yes, es posible contaminar el registro final o eliminar hasta 4 caracteres de los mensajes de registro manipulando el contenido de los mensajes de registro. Además, si PHP-FPM está configurado para utilizar la salida de syslog, es posible eliminar más datos de registro utilizando la misma vulnerabilidad.", }, ], id: "CVE-2024-9026", lastModified: "2024-10-16T18:30:37.133", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "security@php.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 3.3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-08T04:15:11.060", references: [ { source: "security@php.net", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/php/php-src/security/advisories/GHSA-865w-9rf3-2wh5", }, ], sourceIdentifier: "security@php.net", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-117", }, { lang: "en", value: "CWE-158", }, ], source: "security@php.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2025-04-24 22:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", versionEndExcluding: "8.1.30", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", versionEndExcluding: "8.2.24", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "8F7936E2-4290-48A4-A857-929E9CEDBDF5", versionEndExcluding: "8.3.12", versionStartIncluding: "8.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.", }, { lang: "es", value: "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, al utilizar ciertas configuraciones no estándar de páginas de códigos de Windows, las correcciones para CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 aún se pueden omitir y se puede lograr la misma inyección de comandos relacionada con el comportamiento de la página de códigos \"Best Fit\" de Windows. Esto puede permitir que un usuario malintencionado pase opciones al binario PHP que se está ejecutando y, por lo tanto, revele el código fuente de los scripts, ejecute código PHP arbitrario en el servidor, etc.", }, ], id: "CVE-2024-8926", lastModified: "2025-04-24T22:15:14.663", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.2, impactScore: 5.9, source: "security@php.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-08T04:15:10.637", references: [ { source: "security@php.net", url: "https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq", }, ], sourceIdentifier: "security@php.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-78", }, ], source: "security@php.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-78", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-08 04:15
Modified
2025-03-17 18:15
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@php.net | https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", versionEndExcluding: "8.1.30", versionStartIncluding: "8.1.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", versionEndExcluding: "8.2.24", versionStartIncluding: "8.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", matchCriteriaId: "8F7936E2-4290-48A4-A857-929E9CEDBDF5", versionEndExcluding: "8.3.12", versionStartIncluding: "8.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.", }, { lang: "es", value: "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, el análisis erróneo de los datos de un formulario de varias partes incluidos en una solicitud HTTP POST podría provocar que no se procesen los datos legítimos. Esto podría provocar que un atacante malintencionado capaz de controlar parte de los datos enviados pudiera excluir parte de otros datos, lo que podría provocar un comportamiento erróneo de la aplicación.", }, ], id: "CVE-2024-8925", lastModified: "2025-03-17T18:15:20.433", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 1.4, source: "security@php.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-08T04:15:09.450", references: [ { source: "security@php.net", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32", }, ], sourceIdentifier: "security@php.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-444", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }