CVE-2024-11234

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Nov 24, 2024
Updated: Nov 26, 2024
CWE ID 20
CWE ID 74

Summary

CVE-2024-11234 is a vulnerability affecting PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14. The issue lies in the way streams with configured proxies and the "request_fulluri" option are handled. The URI is not adequately sanitized, making it susceptible to HTTP request smuggling. Attackers can exploit this vulnerability to perform arbitrary HTTP requests originating from the server, potentially gaining unauthorized access to resources not accessible to external users.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • PHP: Hypertext Preprocessor

Affected Vendors

  • Php