CVE-2024-4577 Vulnerability in PHP Could Allow Command Injection and Source Code Revelation
CVE-2024-8926
8.8HIGH
What is CVE-2024-8926?
In certain configurations involving non-standard Windows codepages, vulnerabilities in specific versions of PHP may allow attackers to exploit command injection weaknesses. These weaknesses can lead to unauthorized access to PHP binary options, enabling malicious actors to reveal script source code or execute arbitrary PHP code on affected servers. This threat underscores the importance of strict configuration management and regular updates for PHP installations.
Affected Version(s)
PHP Windows 8.1.*
PHP Windows 8.1.* < 8.1.30
PHP Windows 8.2.* < 8.2.24