BIT-php-2024-8925

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2024-8925.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-php-2024-8925

Aliases

CVE-2024-8925
GHSA-9pqp-7h25-4f32

Published

2024-10-10T07:14:02.704Z

Modified

2024-10-17T19:39:35.829Z

Summary

[none]

Details

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

References

https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32

Affected packages

Bitnami / php

Package

Name: php
Purl: pkg:bitnami/php

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.1.30

Introduced

8.2.0

Fixed

8.2.24

Introduced

8.3.0

Fixed

8.3.12