PHP Multiple Vulnerabilities

Release Date: 11 Jun 2024 5693 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Servers - Internet App Servers

TYPE: Internet App Servers

Multiple vulnerabilities were identified in PHP. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

The CVE-2024-4577 vulnerability is being exploited in the wild. This vulnerability allows unauthenticated attackers to conduct argument Injection in PHP-CGI.

This vulnerability affects all versions of PHP installed on the Windows operating system. Please note that the PHP 8.0, PHP 7, and PHP 5 are End-of-Life, No patch is available for PHP 8.0, PHP 7, and PHP 5. All versions of XAMPP installations on Windows are vulnerable by default.

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • PHP version prior to 8.3.8
  • PHP version prior to 8.2.20
  • PHP version prior to 8.1.29

Please note that the PHP 8.0, PHP 7, and PHP 5 are End-of-Life, No patch is available for PHP 8.0, PHP 7, and PHP 5.

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

 

The vendor has issued a fix: 

  • PHP 8.3.8
  • PHP 8.2.20
  • PHP 8.1.29

Vulnerability Identifier

Source

Related Link

Related Tags

Remote Code ExecutionSecurity Restriction BypassExploit In The Wild

Share with

Previous

Android Multiple Vulnerabilities

4 Jun 2024 3472 Views

Next

ChromeOS Multiple Vulnerabilities

11 Jun 2024 4348 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY