CVE-2024-8929

CVSS 3.1 Score 5.8 of 10 (medium)

Details

Published Nov 22, 2024
CWE ID 125
CWE ID 200

Summary

CVE-2024-8929 is a newly disclosed vulnerability affecting PHP versions 8.1.*, 8.2.*, and 8.3.* before the patched releases 8.1.31, 8.2.26, and 8.3.14, respectively. A malicious MySQL server can force the PHP client to disclose the contents of its heap, exposing data from other SQL queries and potentially sensitive information belonging to different users on the same server. This can lead to data leakage and unauthorized access. Users should apply the recommended patches as soon as possible to mitigate the risk.


Affected Products

  • PHP: Hypertext Preprocessor

Affected Vendors

  • Php