Vulnerability Details CVE-2024-5585
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.7%
CVSS Severity
CVSS v3 Score 7.7
References
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240726-0002/
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240726-0002/
- https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on-windows-systems-cve-2024-1874-and-cve-2024-5585
Products affected by CVE-2024-5585
-
cpe:2.3:a:php:php:8.1.0
-
cpe:2.3:a:php:php:8.1.1
-
cpe:2.3:a:php:php:8.1.10
-
cpe:2.3:a:php:php:8.1.12
-
cpe:2.3:a:php:php:8.1.13
-
cpe:2.3:a:php:php:8.1.14
-
cpe:2.3:a:php:php:8.1.15
-
cpe:2.3:a:php:php:8.1.16
-
cpe:2.3:a:php:php:8.1.17
-
cpe:2.3:a:php:php:8.1.18
-
cpe:2.3:a:php:php:8.1.19
-
cpe:2.3:a:php:php:8.1.2
-
cpe:2.3:a:php:php:8.1.20
-
cpe:2.3:a:php:php:8.1.21
-
cpe:2.3:a:php:php:8.1.22
-
cpe:2.3:a:php:php:8.1.23
-
cpe:2.3:a:php:php:8.1.24
-
cpe:2.3:a:php:php:8.1.25
-
cpe:2.3:a:php:php:8.1.26
-
cpe:2.3:a:php:php:8.1.27
-
cpe:2.3:a:php:php:8.1.28
-
cpe:2.3:a:php:php:8.1.3
-
cpe:2.3:a:php:php:8.1.4
-
cpe:2.3:a:php:php:8.1.5
-
cpe:2.3:a:php:php:8.1.6
-
cpe:2.3:a:php:php:8.1.7
-
cpe:2.3:a:php:php:8.1.8
-
cpe:2.3:a:php:php:8.1.9
-
cpe:2.3:a:php:php:8.2.0
-
cpe:2.3:a:php:php:8.2.1
-
cpe:2.3:a:php:php:8.2.10
-
cpe:2.3:a:php:php:8.2.11
-
cpe:2.3:a:php:php:8.2.12
-
cpe:2.3:a:php:php:8.2.13
-
cpe:2.3:a:php:php:8.2.14
-
cpe:2.3:a:php:php:8.2.15
-
cpe:2.3:a:php:php:8.2.16
-
cpe:2.3:a:php:php:8.2.17
-
cpe:2.3:a:php:php:8.2.18
-
cpe:2.3:a:php:php:8.2.19
-
cpe:2.3:a:php:php:8.2.2
-
cpe:2.3:a:php:php:8.2.3
-
cpe:2.3:a:php:php:8.2.4
-
cpe:2.3:a:php:php:8.2.5
-
cpe:2.3:a:php:php:8.2.6
-
cpe:2.3:a:php:php:8.2.7
-
cpe:2.3:a:php:php:8.2.8
-
cpe:2.3:a:php:php:8.2.9
-
cpe:2.3:a:php:php:8.3.0
-
cpe:2.3:a:php:php:8.3.1
-
cpe:2.3:a:php:php:8.3.2
-
cpe:2.3:a:php:php:8.3.3
-
cpe:2.3:a:php:php:8.3.4
-
cpe:2.3:a:php:php:8.3.5
-
cpe:2.3:a:php:php:8.3.6
-
cpe:2.3:a:php:php:8.3.7
-
cpe:2.3:o:fedoraproject:fedora:40