AI description
CVE-2024-1874 is a command injection vulnerability affecting PHP versions 8.1.x before 8.1.28, 8.2.x before 8.2.18, and 8.3.x before 8.3.5. The vulnerability exists when using the `proc_open()` command with array syntax on Windows systems. Due to insufficient escaping, a malicious user who controls the arguments of the executed command can supply arguments that execute arbitrary commands in the Windows shell. This flaw is specific to Windows environments and involves the `CreateProcess` function implicitly using `cmd.exe` when executing batch files. The complex parsing rules of `cmd.exe` for unescaped arguments allow for command injection if an attacker can control part of the batch file's command arguments. This can lead to unauthorized access, data theft, or full control over the compromised system.
- Description
- In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
- Source
- security@php.net
- NVD status
- Modified
- Products
- php, fedora
CVSS 3.1
- Type
- Secondary
- Base score
- 9.4
- Impact score
- 5.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
- Severity
- CRITICAL
- security@php.net
- CWE-116
- Hype score
- Not currently trending
bypass CVE-2024-1874: https://t.co/Xztcz6OLhE
@kmkz_security
8 Dec 2025
14757 Impressions
18 Retweets
115 Likes
73 Bookmarks
0 Replies
0 Quotes
New critical kernel advisories for #Ubuntu FIPS: CVE-2024-1874 and CVE-2024-2112. These are LPE flaws in the hrtimer's race protection (Overwatch). Read more: 👉 https://t.co/CrXzfr7PCU #Security https://t.co/FmZmL9Yt8f
@Cezar_H_Linux
20 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A888D1BE-9D93-4707-AA45-61EF1DB5488C",
"versionEndExcluding": "8.1.28",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AC1B000-D5C4-49E9-8EFE-8C5C8FF50AF2",
"versionEndExcluding": "8.2.18",
"versionStartIncluding": "8.2.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE619987-797E-493B-B089-2E1CADDA9C47",
"versionEndExcluding": "8.3.5",
"versionStartIncluding": "8.3.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
}
]