CVE-2024-8929
CVSS 3.1 Score 5.8 of 10 (medium)
Details
Summary
CVE-2024-8929 is a newly disclosed vulnerability affecting PHP versions 8.1.*, 8.2.*, and 8.3.* before the respective patches 8.1.31, 8.2.26, and 8.3.14. This issue enables a malicious MySQL server to force the client to disclose the contents of its heap, exposing data from other SQL queries and potentially sensitive information belonging to different users on the same server. This can lead to serious security implications, such as data leakage and unauthorized access. It is crucial for users to apply the recommended patches as soon as possible to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- PHP: Hypertext Preprocessor
Affected Vendors
- Php