CVE-2024-1874

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when proc_open() is used with the array command syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in the Windows shell.

Configurations

No configuration.

History

13 Feb 2025, 18:16

Type: Summary
Values Removed: (en) In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Values Added: (en) In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

21 Nov 2024, 08:51

Type: References
Values Added:
  • https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on-windows-systems-cve-2024-1874-and-cve-2024-5585
Values Removed and Values Added (same URL in both columns):
  • http://www.openwall.com/lists/oss-security/2024/04/12/11
  • http://www.openwall.com/lists/oss-security/2024/06/07/1
  • https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
  • https://security.netapp.com/advisory/ntap-20240510-0009/

13 Jun 2024, 04:15

Type: References
Values Added:
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/

12 Jun 2024, 02:15

Type: References
Values Added:
  • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/

10 Jun 2024, 17:16

Type: References
Values Added:
  • http://www.openwall.com/lists/oss-security/2024/06/07/1
  • https://security.netapp.com/advisory/ntap-20240510-0009/

01 May 2024, 17:15

Type: References
Values Added:
  • http://www.openwall.com/lists/oss-security/2024/04/12/11
Type: Summary
Values Added:
  • (es) In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using the proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in the Windows shell.

29 Apr 2024, 04:15

Type: New CVE

Information

Published : 2024-04-29 04:15

Updated : 2025-02-13 18:16


NVD link : CVE-2024-1874

Mitre link : CVE-2024-1874

CVE.ORG link : CVE-2024-1874

Products Affected

No product.

CWE
CWE-116: Improper Encoding or Escaping of Output