Description

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

INFO

Published Date :

2024-10-08T03:48:53.628Z

Last Modified :

2025-11-03T22:33:06.473Z

Source :

php
AFFECTED PRODUCTS

The following products are affected by CVE-2024-8926 vulnerability.

Vendors Products
Php
  • Php
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-8926.

URL Resource
https://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642 cve-icon
https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-8926 cve-icon
https://security.netapp.com/advisory/ntap-20241101-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-8926 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact