CVE-2024-8926

{"id": "CVE-2024-8926", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@php.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2024-10-08T04:15:10.637", "references": [{"url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3", "tags": ["Third Party Advisory"], "source": "security@php.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "security@php.net", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, al utilizar ciertas configuraciones no est\u00e1ndar de p\u00e1ginas de c\u00f3digos de Windows, las correcciones para CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 a\u00fan se pueden omitir y se puede lograr la misma inyecci\u00f3n de comandos relacionada con el comportamiento de la p\u00e1gina de c\u00f3digos \"Best Fit\" de Windows. Esto puede permitir que un usuario malintencionado pase opciones al binario PHP que se est\u00e1 ejecutando y, por lo tanto, revele el c\u00f3digo fuente de los scripts, ejecute c\u00f3digo PHP arbitrario en el servidor, etc."}], "lastModified": "2024-10-16T18:35:59.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", "versionEndExcluding": "8.1.30", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", "versionEndExcluding": "8.2.24", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F7936E2-4290-48A4-A857-929E9CEDBDF5", "versionEndExcluding": "8.3.12", "versionStartIncluding": "8.3.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@php.net"}