Security Alert (A24-11-19): Multiple Vulnerabilities in PHP


 

Published on: 25 November 2024

  
  

Description:

PHP has released security advisories to address multiple vulnerabilities in PHP. The detailed information about the vulnerabilities can be found at:
https://www.php.net/ChangeLog-8.php

 

Affected Systems:

  • PHP 8.4 version prior to 8.4.1
  • PHP 8.3 version prior to 8.3.14
  • PHP 8.2 version prior to 8.2.26
  • PHP 8.1 version prior to 8.1.31

Please note that PHP prior to version 8.0.x has reached End-Of-Life (EOL). No security updates will be provided after that. System administrators should arrange upgrading the PHP to supported versions or migrating to other supported technology.

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to information disclosure, security restriction bypass or tampering on an affected system.

 

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.php.net/ChangeLog-8.php
  • https://www.hkcert.org/security-bulletin/php-multiple-vulnerabilities_20241122
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8929
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8932
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11233 (to CVE-2024-11234)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11236


Tag: PHP
Tags