FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

php -- Multiple vulnerabilities

Affected packages
	php81	<	8.1.30
	php82	<	8.2.24
	php83	<	8.3.12

Details

VuXML ID	fe5c1e7a-7eed-11ef-9533-f875a43e1796
Discovery	2024-09-26
Entry	2024-09-30

php.net reports:

CVE-2024-8926: CGI: Fixed bug GHSA-9pqp-7h25-4f32 (Bypass of CVE-2024-4577, Parameter Injection Vulnerability).

CVE-2024-8927: CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision).

CVE-2024-9026: FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered).

CVE-2024-8925: SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data).

[source]

References

CVE Name	CVE-2024-8925
CVE Name	CVE-2024-8926
CVE Name	CVE-2024-8927
CVE Name	CVE-2024-9026
URL	https://www.php.net/ChangeLog-8.php