bypass CVE-2024-1874

Kurzinfo

Veroeffentlicht: 2024-06-09 18:37 UTC Importiert: 2026-05-14 18:44 UTC CVSS: 9.4 Quelle-ID: php_sec uid_hash: acb0dda280a450300a889e4a892ebc807d34a7faa98914aa9ca61a26e3bc179a

PHP Security (php/php-src GHSA)

Inhalt

Summary

same as CVE-2024-1874

due to the improper handling of command line arguments on Windows, maliciously crafted arguments can inject arbitrary commands even if the bypass_shell option is enabled.

Details

Add a space at the end of filename, others are the same as CVE-2024-1874

PoC

Save the following file as test.bat

echo hello

Save the following file as 1.php, notiece the space at the end of argv-filename

proc_close($proc);

Run it with PHP and confirm that notepad.exe is popped up.

Impact

Malicious command line arguments in windows platform

Verknuepfte CVEs

CVE-ID	Severity (CVE.org)	CVSS (CVE.org)	EPSS	EPSS-%	Veroeffentlicht (CVE.org)
CVE-2024-1874	CRITICAL	9.4	-	-	2024-04-29
CVE-2024-5585	-	-	-	-

Quellen-Details

Bezeichnung	Name	Kategorie	Tags	Zielgruppe	Sprache	Feed-URL
PHP Security (php/php-src GHSA)	php_sec	vendor_advisory	php, runtime	-	de	https://github.com/php/php-src/security/advisories

Zurueck zur Eintrags-Liste