CVE-2024-3096 | PHP up to 8.1.27/8.2.17/8.3.4 password_verify poison null byte

Inserito da Angelo Barbosa | Apr 13, 2024 | CVE

A vulnerability, which was classified as problematic, has been found in PHP up to 8.1.27/8.2.17/8.3.4. This issue affects the function password_verify. The manipulation leads to null byte interaction error.

The identification of this vulnerability is CVE-2024-3096. The attack may be initiated remotely. Furthermore, there is an exploit available.

It is recommended to upgrade the affected component.

CVE-2024-3096 | PHP up to 8.1.27/8.2.17/8.3.4 password_verify poison null byte

Post correlati

CVE-2024-41141 | EC-CUBE Web API Plugin OAuth Management Page cross site scripting

CVE-2024-38896 | Wavlink WN551K1 /cgi-bin/nightled.cgi start_hour command injection

CVE-2024-47687 | Linux Kernel up to 6.10.12/6.11.1 mlx5_vdpa_dev_add null pointer dereference (b6fbb1c7801f/5fe351def237/dc12502905b7)

CVE-2024-4255 | Ruijie RG-UAC up to 20240419 gre_edit_commit.php name os command injection