In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a critical severity vulnerability, CVE-2024-8932, was detected. This vulnerability allows attackers to cause an integer overflow through uncontrolled long string inputs to the ldap_escape() function on 32-bit systems, leading to an out-of-bounds write. To address this issue, users must upgrade to PHP versions 8.1.31, 8.2.26 or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8932.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a medium severity vulnerability, CVE-2024-8929, was detected. This vulnerability allows attackers to use a malicious MySQL server to force the PHP client to reveal sensitive data from its memory, including information from other users. To address this issue, users must upgrade to PHP versions 8.1.31 or later, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8929.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a medium severity vulnerability, CVE-2024-11234, was detected. This vulnerability allows attackers to perform HTTP request smuggling due to improper sanitization of the URI when using streams with a proxy and the “request_fulluri” option. This could allow attackers to send arbitrary requests from the server, potentially accessing restricted resources. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11234.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a medium severity vulnerability, CVE-2024-11233, was detected. This vulnerability allows attackers to exploit an error in the convert.quoted-printable-decode filter, leading to a buffer overread by one byte. In certain cases, this can cause crashes or disclose content from other memory areas. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11233.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, a critical severity vulnerability, CVE-2024-11236, was detected. This vulnerability allows attackers to exploit long string inputs to cause system crashes or execute malicious actions. To fix this issue, users should upgrade PHP to versions 8.1.31, 8.2.26, or 8.3.14. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-11236.
In PHP versions 8.1 to 8.1.30, 8.2 to 8.2.24, and 8.3 to 8.3.12, a high severity command injection vulnerability, CVE-2024-8926, was detected. This vulnerability allows attackers to exploit certain non-standard configurations of Windows codepages, potentially enabling them to pass options to the PHP binary being executed. This may result in revealing the source code of scripts or running arbitrary PHP code on the server. To fix this issue, users must upgrade to versions 8.1.30, 8.2.24, or 8.3.12. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8926.