PHP Multiple Vulnerabilities

Multiple vulnerabilities were identified in PHP. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

 

Note:

CVE-2024-4577 is being exploited in the wild. This vulnerability allows unauthenticated attackers to perform argument injection in PHP-CGI.

This vulnerability affects all versions of PHP installed on the Windows operating system. Please note that PHP 8.0, PHP 7, and PHP 5 are End-of-Life; no patch is available for PHP 8.0, PHP 7, or PHP 5. All versions of XAMPP installations on Windows are vulnerable by default.

RISK: Extremely High Risk

TYPE: Servers – Internet App Servers

Impact

  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • PHP versions prior to 8.3.8
  • PHP versions prior to 8.2.20
  • PHP versions prior to 8.1.29

Please note that PHP 8.0, PHP 7, and PHP 5 are End-of-Life; no patch is available for PHP 8.0, PHP 7, or PHP 5.


Solutions

Before installing the software, please visit the software vendor's website for more details.

The vendor has issued a fix:

  • PHP 8.3.8
  • PHP 8.2.20
  • PHP 8.1.29
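
The version lists above can be turned into a quick inventory check. The following is an added example, not part of the original advisory or of PHP itself: it compares version banners (such as `php -v` output) against the fixed releases listed here and flags the End-of-Life branches that have no patch. Host labels and banners are constructed sample data, and the check looks at the version number only, not the operating system or whether PHP-CGI is in use.

```python
import re

# Fixed releases per supported branch, taken from this advisory.
FIXED = {(8, 3): (8, 3, 8), (8, 2): (8, 2, 20), (8, 1): (8, 1, 29)}

# x.y.z with an optional pre-release tag, e.g. "8.3.8RC1" or "8.3.7-dev".
_VERSION_RE = re.compile(
    r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(-?(?:dev|alpha|beta|RC)\d*)?", re.IGNORECASE
)

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease) from e.g. `php -v` output."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4) is not None

def triage(text):
    """Classify one version string as patched / upgrade / eol / unlisted."""
    version, prerelease = parse_version(text)
    branch = version[:2]
    if branch == (8, 0) or version[0] in (5, 7):
        return "eol", "End-of-Life branch, no patch available"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "unlisted", "branch not listed in this advisory"
    # A pre-release of the fixed number (8.3.8RC1) predates the final release.
    if version > fixed or (version == fixed and not prerelease):
        return "patched", "at or above " + ".".join(map(str, fixed))
    return "upgrade", "update to PHP " + ".".join(map(str, fixed))

# Constructed inventory: (host label, version banner). Not real systems.
SAMPLE_INVENTORY = [
    ("web-01", "PHP 8.3.8 (cli) (built: Jun  4 2024 12:00:00)"),
    ("web-02", "PHP 8.2.12 (cgi-fcgi)"),
    ("web-03", "PHP 8.1.29"),
    ("web-04", "PHP 8.3.8RC1"),
    ("legacy-01", "PHP 7.4.33 (cgi-fcgi)"),
    ("legacy-02", "PHP 8.0.30"),
]

def triage_inventory(inventory):
    """Map each host label to its (status, detail) pair."""
    return {host: triage(banner) for host, banner in inventory}

if __name__ == "__main__":
    for host, (status, detail) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status:8} {detail}")
```

Distribution packages often backport security fixes without changing the upstream version number, so an "upgrade" result for a distro-built PHP should be confirmed against the distribution's own security tracker.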

Vulnerability Identifier


Source


Related Link
