PHP Versions Before 8.3.14 Vulnerable to MySQL Server Attack
CVE-2024-8929

5.8MEDIUM

Key Information:

Vendor: PHP Group
Status: PHP
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-8929?

A vulnerability has been identified in specific versions of PHP where a malicious MySQL server can exploit the client, leading to the disclosure of heap memory content. This flaw poses a risk as it may reveal data from prior SQL requests and potentially sensitive information belonging to other users sharing the same server environment. Immediate attention and remediation are advisable for affected versions to safeguard user data and maintain system integrity.

Affected Version(s)

PHP 8.1.*

PHP 8.1.* < 8.1.31

PHP 8.2.* < 8.2.24

References

https://github.com/php/php-src/security/advisories/GHSA-h...

CVSS V3.1

Score:

5.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024
Vulnerability Reserved
Sep 17, 2024

Credit

Sébastien Rolland

PHP Group

What is CVE-2024-8929?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit