CVE-2024-1874

high-risk

Published 2024-04-29

In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

Do I need to act?

63.4% chance of exploitation in next 30 days

EPSS score — higher than 37% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.4/10 Critical

NETWORK / LOW complexity

Affected Products (3)

Php

Fedora

Affected Vendors

Php Fedoraproject

References (16)

Mailing List http://www.openwall.com/lists/oss-security/2024/04/12/11

Mailing List http://www.openwall.com/lists/oss-security/2024/06/07/1

Exploit https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240510-0009/

Mailing List http://www.openwall.com/lists/oss-security/2024/04/12/11

Mailing List http://www.openwall.com/lists/oss-security/2024/06/07/1

Exploit https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20240510-0009/

https://www.kb.cert.org/vuls/id/123335

Exploit https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on...

/ 100

high-risk

Severity 31/34 · Critical

Exploitability 19/34 · Moderate

Exposure 9/34 · Low