PT-2024-3484 · Php+10

Lavish +1 · Published 2024-04-09 · Updated 2025-08-11 · CVE-2024-2756

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP (affected versions not specified)

Description

The issue is related to incorrect handling of cookies by PHP applications. Network and same-site attackers can set a standard insecure cookie in the victim's browser, which PHP applications then treat as a __Host- or __Secure- cookie. This can potentially lead to session hijacking and unauthorized access to protected information.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

ALSA-2024:10949
ALSA-2024:10950
ALSA-2024:10951
ALSA-2024:10952
ALT-PU-2024-13731
ALT-PU-2024-6442
ALT-PU-2024-6444
ALT-PU-2024-6496
ALT-PU-2024-6501
ALT-PU-2024-6566
ALT-PU-2024-6670
AZL-40070
BDU:2024-03785
BIT-LIBPHP-2024-2756
BIT-PHP-2024-2756
BIT-PHP-MIN-2024-2756
CESA-2024_10951
CESA-2024_10952
CVE-2024-2756
DLA-3810-1
DSA-5660-1
DSA-5661-1
GHSA-WPJ3-HF5J-X4V4
INFSA-2024_10949
INFSA-2024_10950
INFSA-2024_10951
INFSA-2024_10952
INFSA-2025_7315
MGASA-2024-0132
OESA-2024-2061
OESA-2024-2062
OESA-2024-2085
OPENSUSE-SU-2024_1444-1
OPENSUSE-SU-2024_1446-1
RHSA-2024:10949
RHSA-2024:10950
RHSA-2024:10951
RHSA-2024:10952
RHSA-2024_10949
RHSA-2024_10950
RHSA-2024_10951
RHSA-2024_10952
RHSA-2025:7315
RHSA-2025_7315
RLSA-2024:10949
RLSA-2024:10950
RLSA-2024:10951
RLSA-2024:10952
SUSE-SU-2024:1444-1
SUSE-SU-2024:1445-1
SUSE-SU-2024:1446-1
SUSE-SU-2024:2037-1
USN-6757-1
USN-6757-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu