BIT-php-2024-8926

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2024-8926.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-php-2024-8926
Aliases
Published
2024-10-10T07:13:56.902Z
Modified
2024-10-17T19:39:35.829Z
Summary
[none]
Details

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Database specific
{
    "cpes": [
        "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / php

Package

Name
php
Purl
pkg:bitnami/php

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.1.30
Introduced
8.2.0
Fixed
8.2.24
Introduced
8.3.0
Fixed
8.3.12