Summary
A number of vulnerabilities were found in PHP, a well-known scripting language interpreter. These vulnerabilities, if exploited, could allow security mechanisms to be circumvented and arbitrary code to be executed on target systems.
Risk
Estimated impact of the vulnerability on the target community: MEDIUM/LOW (64.41/100)¹.
Type
- Arbitrary Code Execution
- Security Restrictions Bypass
Affected Products and Versions
PHP
- 8.3.x, versions prior to 8.3.8
- 8.2.x, versions prior to 8.2.20
- 8.1.x, versions prior to 8.1.29
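To triage an inventory against the version list above, the following added example (not part of the original advisory or of the PHP project) classifies a version string or the first line of `php -v` by its upstream version number. The function names, output labels and sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare PHP versions with the fixed releases named in this
# advisory (8.3.8, 8.2.20, 8.1.29). Function names and labels are hypothetical.

# Print the first fixed release for a branch listed in the advisory, else nothing.
fixed_release() {
    case "$1" in
        8.3) echo 8.3.8 ;;
        8.2) echo 8.2.20 ;;
        8.1) echo 8.1.29 ;;
    esac
}

# php_patch_status VERSION_OR_BANNER
# Accepts "8.2.19", a packaged version such as "8.1.2-1ubuntu2.14", or the
# first line of `php -v` ("PHP 8.3.7 (cli) ...").
# Prints: affected | fixed | not-listed | unparsed
# Caveat: distribution packages may backport fixes without changing the
# upstream number, so confirm "affected" packaged builds with the distributor.
php_patch_status() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^\(PHP \)\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\2/p')
    [ -n "$ver" ] || { echo unparsed; return; }
    branch=${ver%.*}     # e.g. 8.2
    patch=${ver##*.}     # e.g. 19
    fixed=$(fixed_release "$branch")
    # Branches the advisory does not mention get no verdict here.
    [ -n "$fixed" ] || { echo not-listed; return; }
    if [ "$patch" -lt "${fixed##*.}" ]; then echo affected; else echo fixed; fi
}

# Read "host version-or-banner" lines on stdin; print hosts needing the update.
affected_hosts() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        [ "$(php_patch_status "$banner")" = affected ] && echo "$host"
    done
    return 0
}

# Constructed sample inventory (not real hosts).
affected_hosts <<'EOF'
web01 8.2.19
web02 PHP 8.3.8 (cli)
web03 8.1.28
old01 7.4.33
EOF
```

Hosts reported as `not-listed` run a branch this advisory makes no statement about and need to be assessed separately.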
Mitigation Actions
In line with the vendor’s statements, it is recommended that available mitigations be applied by following the guidance given in the security bulletins in the References section.
Unique Vulnerability Identifiers
Only CVEs related to vulnerabilities with ‘high’ severity are listed below:
References
https://www.php.net/ChangeLog-8.php
https://news-web.php.net/php.announce/428
https://news-web.php.net/php.announce/429
https://news-web.php.net/php.announce/430
¹ This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoCs, spread of the affected software/devices in the relevant community.