In PHP versions 8.1 to 8.1.30, 8.2 to 8.2.24, and 8.3 to 8.3.12, a high-severity command injection vulnerability, CVE-2024-8926, was detected. It allows attackers to exploit certain non-standard configurations of Windows codepages, potentially enabling them to pass options to the PHP binary being executed. This may result in disclosure of script source code or execution of arbitrary PHP code on the server. To fix this issue, users must upgrade to version 8.1.30, 8.2.24, or 8.3.12. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-8926.
PHP: Command Injection Vulnerability in Windows Codepages
by the Hossted team
10.10.2024