Mihail Kirov

Name of the Vulnerable Software and Affected Versions: PHP versions 8.1.* through 8.1.29 PHP versions 8.2.* through 8.2.23 PHP versions 8.3.* through 8.3.11 Description: The issue is related to erroneous parsing of multipart form data contained in an HTTP POST request, which could lead to legitimate data not being processed. This could allow a malicious attacker, capable of controlling part of the submitted data, to exclude portions of other data, potentially leading to erroneous application behavior. The vulnerability is associated with insufficient input validation. Recommendations: For PHP versions 8.1.* through 8.1.29, update to version 8.1.30 or later. For PHP versions 8.2.* through 8.2.23, update to version 8.2.24 or later. For PHP versions 8.3.* through 8.3.11, update to version 8.3.12 or later. As a temporary workaround, consider restricting the use of multipart form data in HTTP POST requests until a patch is available.