Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
Vulnerability Description
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
PHP 安全漏洞
Vulnerability Description
PHP是PHP的一种在服务器端执行的脚本语言。 PHP 8.1.29之前版本、8.2.20之前版本和8.3.8之前版本存在安全漏洞,该漏洞源于在使用非标准配置的Windows代码页时配置不当,该配置通过注册表指向OEM代码页,且这种配置在实际环境中不太可能发生。
CVSS Information
N/A
Vulnerability Type
N/A