PT-2024-6534 · Php+10

Mihail Kirov +1 · Published 2019-06-02 · Updated 2025-08-11 · CVE-2024-8925

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
PHP versions 8.1.* through 8.1.29
PHP versions 8.2.* through 8.2.23
PHP versions 8.3.* through 8.3.11

Description: The issue is erroneous parsing of multipart form data in an HTTP POST request, which can result in legitimate data not being processed. An attacker who controls part of the submitted data could exclude portions of other data, potentially leading to erroneous application behavior. The vulnerability is associated with insufficient input validation.

Recommendations:
For PHP versions 8.1.* through 8.1.29, update to version 8.1.30 or later.
For PHP versions 8.2.* through 8.2.23, update to version 8.2.24 or later.
For PHP versions 8.3.* through 8.3.11, update to version 8.3.12 or later.
As a temporary workaround, consider restricting the use of multipart form data in HTTP POST requests until a patch is available.

Exploit · Fix · DoS · HTTP Request/Response Smuggling · RCE


Weakness Enumeration

Related Identifiers

ALSA-2024:10949
ALSA-2024:10950
ALSA-2024:10951
ALSA-2024:10952
ALT-PU-2019-1959
ALT-PU-2021-2943
ALT-PU-2021-3079
ALT-PU-2023-1275
ALT-PU-2023-4125
ALT-PU-2024-13449
ALT-PU-2024-13465
ALT-PU-2024-13522
ALT-PU-2024-13710
ALT-PU-2024-13711
ALT-PU-2024-13731
ALT-PU-2024-16480
ALT-PU-2024-6670
AZL-50153
AZL-50166
BDU:2024-07676
BIT-LIBPHP-2024-8925
BIT-PHP-2024-8925
BIT-PHP-MIN-2024-8925
CESA-2024_10951
CESA-2024_10952
CVE-2024-8925
DLA-3920-1
DSA-5780-1
GHSA-9PQP-7H25-4F32
INFSA-2024_10949
INFSA-2024_10950
INFSA-2024_10951
INFSA-2024_10952
INFSA-2025_7315
OESA-2024-2248
OPENSUSE-SU-2024:14376-1
OPENSUSE-SU-2024_3664-1
OPENSUSE-SU-2024_3729-1
OPENSUSE-SU-2024_3733-1
RHSA-2024:10949
RHSA-2024:10950
RHSA-2024:10951
RHSA-2024:10952
RHSA-2024_10949
RHSA-2024_10950
RHSA-2024_10951
RHSA-2024_10952
RHSA-2025:7315
RHSA-2025_7315
RLSA-2024:10949
RLSA-2024:10950
RLSA-2024:10951
RLSA-2024:10952
SUSE-SU-2024:3664-1
SUSE-SU-2024:3729-1
SUSE-SU-2024:3732-1
SUSE-SU-2024:3733-1
SUSE-SU-2024_3664-1
SUSE-SU-2024_3729-1
SUSE-SU-2024_3732-1
SUSE-SU-2024_3733-1
USN-7049-1
USN-7049-2
USN-7049-3

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
PHP
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu