CVE-2024-2756
Host/Secure cookie bypass due to partial CVE-2022-31629 fix
| Publication Date | 2024-04-12 |
|---|---|
| Severity | Low |
| Type | Cross-Site Request Forgery |
| Affected PHP Versions | |
| Fixed Product Versions | |
CVE Details
Due to an incomplete fix for CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser, which is then treated as a `__Host-` or `__Secure-` cookie by PHP applications.
Recommendations
If you use Same-Site cookies, we recommend updating to a patched version of PHP.
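
For applications that cannot be updated immediately, the following check shows one way to confirm that every `__Host-` or `__Secure-` entry PHP parsed was actually sent under that exact literal name. It is an added example, not code from the PHP advisory or the PHP project, and the constant and function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example; constant and function names are hypothetical.
const PROTECTED_PREFIXES = ['__Host-', '__Secure-'];

/** Map each cookie name, byte-for-byte as sent, to the values sent under it. */
function literal_cookie_values(string $header): array
{
    $seen = [];
    foreach (explode(';', $header) as $chunk) {
        $parts = explode('=', ltrim($chunk, " \t"), 2);
        if ($parts[0] !== '') {
            // PHP URL-decodes cookie values, so decode before comparing.
            $seen[$parts[0]][] = urldecode($parts[1] ?? '');
        }
    }
    return $seen;
}

/**
 * Return the names in $cookies (normally $_COOKIE) that carry a protected
 * prefix but whose value was never sent under that exact literal name in
 * the raw Cookie header. Any hit means the name came from normalisation.
 */
function spoofed_prefixed_cookies(string $header, array $cookies): array
{
    $seen = literal_cookie_values($header);
    $bad = [];
    foreach ($cookies as $name => $value) {
        $name = (string) $name;
        foreach (PROTECTED_PREFIXES as $prefix) {
            if (strncmp($name, $prefix, strlen($prefix)) !== 0) {
                continue;
            }
            if (!is_string($value) || !in_array($value, $seen[$name] ?? [], true)) {
                $bad[] = $name;
            }
        }
    }
    return $bad;
}

// Constructed sample: the parsed array holds a __Host- entry that the raw
// header never carried under that literal name.
$header = 'theme=dark; __Secure-pref=a%20b';
$parsed = ['theme' => 'dark', '__Secure-pref' => 'a b', '__Host-session' => 'attacker'];
print_r(spoofed_prefixed_cookies($header, $parsed));
```

In a request handler the call would be `spoofed_prefixed_cookies($_SERVER['HTTP_COOKIE'] ?? '', $_COOKIE)`, rejecting the request or discarding the listed cookies when the result is non-empty.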