CVE-2024-11233

hNXd' AND 9277=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) AND 'oobL'='oobL

Publication Date 2024-11-23
Severity Low
Type Cross-Site Request Forgery
Affected PHP Versions
  • 7.2.0-7.2.34
Fixed Product Versions
  • ZendPHP 7.2
  • ZendPHP 7.3
  • ZendPHP 7.4
  • ZendPHP 7.29108429
  • ZendPHP 7.29357358
  • ZendPHP 7.29819071
  • ZendPHP 7.29868234
  • ZendPHP 7.29914703
  • ZendPHP 7.29921362
  • ZendPHP 8.0
  • ZendPHP 8.1
  • ZendPHP 8.2
  • ZendPHP 8.3
  • ZendServer 2021.4.1

CVE Details

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.

Recommendations

We recommend upgrading to a known patched version of PHP.