PHP <8.1.29/8.2.20/8.3.8 Proc_Open Cmd Inject via Trailing Space
CVE-2024-5585 Published on June 9, 2024
Command injection via array-ish $command parameter of proc_open() (bypass CVE-2024-1874 fix)
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Original issue: when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.
Vulnerability Analysis
CVE-2024-5585 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2024-5585. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and a small impact on availability.
Weakness Types
What is an Output Sanitization Vulnerability?
The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
CVE-2024-5585 has been classified to as an Output Sanitization vulnerability or weakness.
What is a Shell injection Vulnerability?
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
CVE-2024-5585 has been classified to as a Shell injection vulnerability or weakness.
Products Associated with CVE-2024-5585
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-5585 are published in these products:
Affected Versions
PHP Group PHP:- Version 8.1.* and below 8.1.29 is affected.
- Version 8.2.* and below 8.2.20 is affected.
- Version 8.3.* and below 8.3.8 is affected.
- Version 8.1.0 and below 8.1.29 is affected.
- Version 8.2.0 and below 8.2.20 is affected.
- Version 8.3.0 and below 8.3.8 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.