Summary
A number of vulnerabilities were found in PHP, a well-known scripting language interpreter. These vulnerabilities, if exploited, could allow security mechanisms to be circumvented and arbitrary code to be executed on target systems.
Note (updated 10/06/2024): A Proof of Concept (PoC) for the exploitation of CVE-2024-4577 is available on the net.
Risk – (updated 10/06/2024)
Estimated impact of the vulnerability on the target community: Serious/RED (77.05/100)1.
Type
- Arbitrary Code Execution
- Security Restrictions Bypass
Affected products and versions
PHP
- 8.3.x, versions prior to 8.3.8
- 8.2.x, versions prior to 8.2.20
- 8.1.x, versions prior to 8.1.29
Mitigation Actions
In line with the vendor’s statements, it is recommended that available mitigations should be applied by following the guidance given in the security bulletins in the References section.
Unique Vulnerability Identifiers
Only CVEs related to vulnerabilities with ‘high’ severity are listed below:
References
https://www.php.net/ChangeLog-8.php
https://news-web.php.net/php.announce/428
https://news-web.php.net/php.announce/429
https://news-web.php.net/php.announce/430
1This estimate is made taking into account several parameters, including: CVSS, availability of patches/workaround and PoC, diffusion of the affected software/devices in the reference community.
