|
1 | 1 | { |
2 | | - "lastUpdatedDate": "2024-06-11T02:04:27+0000", |
| 2 | + "lastUpdatedDate": "2024-06-11T13:25:43+0000", |
3 | 3 | "name": "PHP Version Audit", |
4 | 4 | "website": "https://github.com/lightswitch05/php-version-audit", |
5 | 5 | "licence": "https://github.com/lightswitch05/php-version-audit/blob/master/LICENSE", |
|
3599 | 3599 | "id": "CVE-2012-1823", |
3600 | 3600 | "baseScore": 7.5, |
3601 | 3601 | "publishedDate": "2012-05-11T10:15:00+0000", |
3602 | | - "lastModifiedDate": "2018-01-18T02:29:00+0000", |
| 3602 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
3603 | 3603 | "description": "sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case." |
3604 | 3604 | }, |
3605 | 3605 | "CVE-2012-2143": { |
|
5657 | 5657 | "id": "CVE-2024-1874", |
5658 | 5658 | "baseScore": null, |
5659 | 5659 | "publishedDate": "2024-04-29T04:15:00+0000", |
5660 | | - "lastModifiedDate": "2024-05-01T17:15:00+0000", |
| 5660 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
5661 | 5661 | "description": "In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.\u00a0\n\n" |
5662 | 5662 | }, |
5663 | 5663 | "CVE-2024-2756": { |
5664 | 5664 | "id": "CVE-2024-2756", |
5665 | 5665 | "baseScore": null, |
5666 | 5666 | "publishedDate": "2024-04-29T04:15:00+0000", |
5667 | | - "lastModifiedDate": "2024-05-08T01:15:00+0000", |
| 5667 | + "lastModifiedDate": "2024-06-10T18:15:00+0000", |
5668 | 5668 | "description": "Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host-\u00a0or __Secure-\u00a0cookie by PHP applications.\u00a0\n" |
5669 | 5669 | }, |
5670 | 5670 | "CVE-2024-2757": { |
5671 | 5671 | "id": "CVE-2024-2757", |
5672 | 5672 | "baseScore": null, |
5673 | 5673 | "publishedDate": "2024-04-29T04:15:00+0000", |
5674 | | - "lastModifiedDate": "2024-05-01T17:15:00+0000", |
| 5674 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
5675 | 5675 | "description": "In PHP 8.3.* before 8.3.5, function\u00a0mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.\u00a0\n\n" |
5676 | 5676 | }, |
5677 | 5677 | "CVE-2024-3096": { |
5678 | 5678 | "id": "CVE-2024-3096", |
5679 | 5679 | "baseScore": null, |
5680 | 5680 | "publishedDate": "2024-04-29T04:15:00+0000", |
5681 | | - "lastModifiedDate": "2024-05-08T01:15:00+0000", |
| 5681 | + "lastModifiedDate": "2024-06-10T18:15:00+0000", |
5682 | 5682 | "description": "In PHP\u00a0 version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if\u00a0a password stored with password_hash() starts with a null byte (\\x00), testing a blank string as the password via password_verify() will incorrectly return true.\n\n" |
5683 | 5683 | }, |
5684 | 5684 | "CVE-2024-4577": { |
5685 | 5685 | "id": "CVE-2024-4577", |
5686 | | - "baseScore": null, |
| 5686 | + "baseScore": 9.8, |
5687 | 5687 | "publishedDate": "2024-06-09T20:15:00+0000", |
5688 | | - "lastModifiedDate": "2024-06-10T03:15:00+0000", |
| 5688 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
5689 | 5689 | "description": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc." |
5690 | 5690 | }, |
5691 | 5691 | "CVE-2024-5458": { |
5692 | 5692 | "id": "CVE-2024-5458", |
5693 | 5693 | "baseScore": null, |
5694 | 5694 | "publishedDate": "2024-06-09T19:15:00+0000", |
5695 | | - "lastModifiedDate": "2024-06-10T02:52:00+0000", |
| 5695 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
5696 | 5696 | "description": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly." |
5697 | 5697 | }, |
5698 | 5698 | "CVE-2024-5585": { |
5699 | 5699 | "id": "CVE-2024-5585", |
5700 | 5700 | "baseScore": null, |
5701 | 5701 | "publishedDate": "2024-06-09T19:15:00+0000", |
5702 | | - "lastModifiedDate": "2024-06-10T02:52:00+0000", |
| 5702 | + "lastModifiedDate": "2024-06-10T17:16:00+0000", |
5703 | 5703 | "description": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for\u00a0CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue:\u00a0when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell." |
5704 | 5704 | } |
5705 | 5705 | } |
|
0 commit comments