Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 29/04/2024 Updated: 29/04/2024

In PHP versions 8.1.* prior to 8.1.28, 8.2.* prior to 8.2.18, 8.3.* prior to 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.

oss-sec mailing list archives   By Date By Thread </form>    PHP security releases 8128, 8218, & 836   From: Alan Coopersmit ...

investigating the BatBadBut vulnerability,

outcome of the here implemented batbadbut_incsharpexe > batbadbut_incsharpexe Hello! I am going to run following command Guess what will happen ;-) cmd /C echo "\"&calcexe" See? The calcexe was started on your computer Bye! Press any key to stop this console program "\" BatBadBut vulnar

https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 https://nvd.nist.gov https://github.com/michalsvoboda76/batbadbut https://www.kb.cert.org/vuls/id/123335

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2024-1874

Vulnerability Summary

Vulnerability Trend

Mailing Lists

Github Repositories

References

Vulmon Search

About

Products

Connect