{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8926", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "state": "PUBLISHED", "assignerShortName": "php", "dateReserved": "2024-09-17T04:06:56.550Z", "datePublished": "2024-10-08T03:48:53.628Z", "dateUpdated": "2024-10-08T13:52:37.171Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["Windows"], "product": "PHP", "vendor": "PHP Group", "versions": [{"lessThan": "8.1.30", "status": "affected", "version": "8.1.*", "versionType": "semver"}, {"lessThan": "8.2.24", "status": "affected", "version": "8.2.*", "versionType": "semver"}, {"lessThan": "8.3.12", "status": "affected", "version": "8.3.*", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "https://github.com/MortalAndTry"}], "datePublic": "2024-09-27T17:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">when using a certain non-standard configurations of Windows codepages, the fixes for&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/advisories/GHSA-vxpp-6299-mxw3\">CVE-2024-4577</a>&nbsp;may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.</span></span><br>"}], "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-10-08T03:48:53.628Z"}, "references": [{"url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3"}], "source": {"discovery": "EXTERNAL"}, "title": "PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "php", "product": "php", "cpes": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8.1.0", "status": "affected", "lessThan": "8.1.30", "versionType": "semver"}, {"version": "8.2.0", "status": "affected", "lessThan": "8.2.24", "versionType": "semver"}, {"version": "8.3.0", "status": "affected", "lessThan": "8.3.12", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-08T12:55:27.311454Z", "id": "CVE-2024-8926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T13:52:37.171Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-08T12:55:27.311454Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"], "vendor": "php", "product": "php", "versions": [{"status": "affected", "version": "8.1.0", "lessThan": "8.1.30", "versionType": "semver"}, {"status": "affected", "version": "8.2.0", "lessThan": "8.2.24", "versionType": "semver"}, {"status": "affected", "version": "8.3.0", "lessThan": "8.3.12", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-08T12:56:09.856Z"}}], "cna": {"title": "PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "https://github.com/MortalAndTry"}], "impacts": [{"capecId": "CAPEC-88", "descriptions": [{"lang": "en", "value": "CAPEC-88 OS Command Injection"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "PHP Group", "product": "PHP", "versions": [{"status": "affected", "version": "8.1.*", "lessThan": "8.1.30", "versionType": "semver"}, {"status": "affected", "version": "8.2.*", "lessThan": "8.2.24", "versionType": "semver"}, {"status": "affected", "version": "8.3.*", "lessThan": "8.3.12", "versionType": "semver"}], "platforms": ["Windows"], "defaultStatus": "affected"}], "datePublic": "2024-09-27T17:50:00.000Z", "references": [{"url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.", "supportingMedia": [{"type": "text/html", "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">when using a certain non-standard configurations of Windows codepages, the fixes for&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/advisories/GHSA-vxpp-6299-mxw3\">CVE-2024-4577</a>&nbsp;may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.</span></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "providerMetadata": {"orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php", "dateUpdated": "2024-10-08T03:48:53.628Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8926", "state": "PUBLISHED", "dateUpdated": "2024-10-08T13:52:37.171Z", "dateReserved": "2024-09-17T04:06:56.550Z", "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "datePublished": "2024-10-08T03:48:53.628Z", "assignerShortName": "php"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB97B3F-78E0-412D-A29A-2086C84EC2A2", "versionEndExcluding": "8.1.30", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "30CA7A9A-B2B8-4A3E-981B-E94536DAFD89", "versionEndExcluding": "8.2.24", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F7936E2-4290-48A4-A857-929E9CEDBDF5", "versionEndExcluding": "8.3.12", "versionStartIncluding": "8.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."}, {"lang": "es", "value": "En las versiones de PHP 8.1.* anteriores a 8.1.30, 8.2.* anteriores a 8.2.24, 8.3.* anteriores a 8.3.12, al utilizar ciertas configuraciones no est\u00e1ndar de p\u00e1ginas de c\u00f3digos de Windows, las correcciones para CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 a\u00fan se pueden omitir y se puede lograr la misma inyecci\u00f3n de comandos relacionada con el comportamiento de la p\u00e1gina de c\u00f3digos \"Best Fit\" de Windows. Esto puede permitir que un usuario malintencionado pase opciones al binario PHP que se est\u00e1 ejecutando y, por lo tanto, revele el c\u00f3digo fuente de los scripts, ejecute c\u00f3digo PHP arbitrario en el servidor, etc."}], "id": "CVE-2024-8926", "lastModified": "2024-10-16T18:35:59.500", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@php.net", "type": "Secondary"}]}, "published": "2024-10-08T04:15:10.637", "references": [{"source": "security@php.net", "tags": ["Third Party Advisory"], "url": "https://github.com/advisories/GHSA-vxpp-6299-mxw3"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@php.net", "type": "Secondary"}]}

{"bugzilla": {"description": "php: PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)", "id": "2317050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317050"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-78", "details": ["In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12,\u00a0when using a certain non-standard configurations of Windows codepages, the fixes for\u00a0 CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 \u00a0may still be bypassed and the same command injection related to Windows \"Best Fit\" codepage behavior can be achieved. This\u00a0may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.", "A flaw was found in PHP that bypasses the fix implemented in CVE-2024-4577 when using a non-standard configuration of Windows codepages, only obtainable through the registry by pointing the ACP codepage to an OEM codepage. The required configuration is unlikely to occur in a real environment."], "name": "CVE-2024-8926", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:7.4/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.0/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.1/php", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "php:8.2/php", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-07T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8926\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8926\nhttps://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642\nhttps://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq"], "statement": "No Red Hat products are affected by this vulnerability.", "threat_severity": "Important"}