CVE-2024-8926
CVSS V2 None
CVSS V3 None
Description
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Overview
- CVE ID
- CVE-2024-8926
- Assigner
- php
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-08T03:48:53.628Z
- Last Modified Date
- 2024-10-08T03:48:53.628Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/advisories/GHSA-vxpp-6299-mxw3 |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-8926 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8926 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-10-08 13:11:48 | Added to TrackCVE |