[{"vendor":"php","product":"php","defaultStatus":"unknown","cpes":["cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"],"versions":[{"version":"8.1.0","lessThan":"8.1.30","versionType":"semver","status":"affected"},{"version":"8.2.0","lessThan":"8.2.24","versionType":"semver","status":"affected"},{"version":"8.3.0","lessThan":"8.3.12","versionType":"semver","status":"affected"}]}]

{"timestamp":"2024-10-08T12:55:27.311454Z","id":"CVE-2024-8926","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}

[{"vendor":"PHP Group","product":"PHP","defaultStatus":"affected","platforms":["Windows"],"versions":[{"version":"8.1.*","lessThan":"8.1.30","versionType":"semver","status":"affected"},{"version":"8.2.*","lessThan":"8.2.24","versionType":"semver","status":"affected"},{"version":"8.3.*","lessThan":"8.3.12","versionType":"semver","status":"affected"}]}]

https://security.netapp.com/advisory/ntap-20241101-0003/

OR
          *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.12
          *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.24
          *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.1.0 up to (excluding) 8.1.30

OR
          *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.1.0 up to (excluding) 8.1.30
          *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.24
          *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.12

PHP Group: https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq Types: Exploit, Vendor Advisory

https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq

https://github.com/advisories/GHSA-vxpp-6299-mxw3

https://github.com/advisories/GHSA-vxpp-6299-mxw3 Types: Third Party Advisory

NIST AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

NIST CWE-78

OR
     *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.1.0 up to (excluding) 8.1.30
     *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.24
     *cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.12

https://github.com/advisories/GHSA-vxpp-6299-mxw3 No Types Assigned

https://github.com/advisories/GHSA-vxpp-6299-mxw3 Third Party Advisory

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

PHP Group AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

PHP Group CWE-78

PHP Group https://github.com/advisories/GHSA-vxpp-6299-mxw3 [No types assigned]