PT-2022-7421 · PHP +10

Nielsdos · Published 2022-09-28 · Updated 2025-12-27 · CVE-2022-31629

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 7.4.31
PHP versions prior to 8.0.24
PHP versions prior to 8.1.11

Description

The issue is related to incorrect input validation in PHP. It allows network and same-site attackers to set a standard insecure cookie in the victim's browser, which PHP applications then treat as a __Host- or __Secure- cookie. This enables remote attackers to establish insecure cookies.

Recommendations

For PHP versions prior to 7.4.31, update to version 7.4.31 or later.
For PHP versions prior to 8.0.24, update to version 8.0.24 or later.
For PHP versions prior to 8.1.11, update to version 8.1.11 or later.

Weakness Enumeration

Related Identifiers

ALSA-2023:0848
ALSA-2023:0965
ALSA-2023:2417
ALSA-2023:2903
ALSA-2023_0848
ALSA-2023_0965
ALSA-2023_2417
ALSA-2023_2903
ALSA-2024:10949
ALSA-2024:10950
ALSA-2024:10951
ALSA-2024:10952
ALSA-2024_10949
ALSA-2024_10950
ALSA-2024_10951
ALSA-2024_10952
ALSA-2025_16880
ALT-PU-2022-2698
ALT-PU-2022-2705
ALT-PU-2022-2715
ALT-PU-2022-2755
ALT-PU-2022-2767
ALT-PU-2022-2810
ALT-PU-2022-2827
ALT-PU-2022-3022
BDU:2024-05844
BIT-LIBPHP-2022-31629
BIT-PHP-2022-31629
BIT-PHP-MIN-2022-31629
CESA-2023_0848
CESA-2023_2903
CVE-2022-31629
DLA-3243-1
DLA-3810-1
DSA-5277-1
ELSA-2023-0848
ELSA-2023-0965
ELSA-2023-2417
ELSA-2023-2903
MGASA-2022-0362
OESA-2023-1271
OESA-2023-1272
OESA-2023-1273
OPENSUSE-SU-2022_3661-1
OPENSUSE-SU-2022_3830-1
OPENSUSE-SU-2022_3997-1
OPENSUSE-SU-2022_4067-1
OPENSUSE-SU-2022_4069-1
OPENSUSE-SU-2024:13867-1
OPENSUSE-SU-2024_1444-1
OPENSUSE-SU-2024_1446-1
RHSA-2023:0848
RHSA-2023:0965
RHSA-2023:2417
RHSA-2023:2903
RHSA-2023_0848
RHSA-2023_0965
RHSA-2023_2417
RHSA-2023_2903
RLSA-2023:0848
RLSA-2023:0965
RLSA-2023_0848
RLSA-2023_0965
RLSA-2023_2417
RLSA-2023_2903
SUSE-SU-2022:3661-1
SUSE-SU-2022:3830-1
SUSE-SU-2022:3957-1
SUSE-SU-2022:3997-1
SUSE-SU-2022:4067-1
SUSE-SU-2022:4068-1
SUSE-SU-2022:4069-1
SUSE-SU-2022_3661-1
SUSE-SU-2022_3957-1
SUSE-SU-2024_1444-1
SUSE-SU-2024_1445-1
SUSE-SU-2024_1446-1
SUSE-SU-2024_2037-1
USN-5717-1
USN-5905-1

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu