CVE-2024-8926

CVSS V2 None CVSS V3 None
Description
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Overview
  • CVE ID
  • CVE-2024-8926
  • Assigner
  • php
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-10-08T03:48:53.628Z
  • Last Modified Date
  • 2024-10-08T03:48:53.628Z
References
History
Created Old Value New Value Data Type Notes
2024-10-08 13:11:48 Added to TrackCVE