CVE Daily

CVE-2024-8925

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, e...

Low CVSS 3.1

Overview

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

CWE: CWE-444 — Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Published: 2024-10-08T04:15:09.450
Risk analysis

This vulnerability is rated 🟢 LOW.

  • CVSS: 3.1 (LOW)
  • Detected tags: none (tag impact: LOW)

Recommended actions:

  • Prioritize remediation based on business criticality and exposure.
  • Limit exposure and increase monitoring until fixed.

Recommended tools

This page may include affiliate links. If you purchase through them, we may earn a commission at no extra cost to you. Learn more.

Tags