PHP Versions Before 8.3.14 Vulnerable to MySQL Server Attack
CVE-2024-8929
5.8 MEDIUM
Summary
A vulnerability has been identified in specific versions of PHP where a malicious MySQL server can exploit the client, leading to the disclosure of heap memory content. This flaw poses a risk as it may reveal data from prior SQL requests and potentially sensitive information belonging to other users sharing the same server environment. Immediate attention and remediation are advisable for affected versions to safeguard user data and maintain system integrity.
Affected Version(s)
PHP 8.1.*
PHP 8.1.* < 8.1.31
PHP 8.2.* < 8.2.24
CVSS V3.1
Score: 5.8
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Sébastien Rolland