CVE-2024-9026

CVSS 3.1 Score 3.3 of 10 (low)

Details

Published Oct 8, 2024
Updated: Oct 16, 2024
CWE ID 117
CWE ID 158

Summary

CVE-2024-9026 is a vulnerability affecting PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, and 8.3.* before 8.3.12. When the PHP-FPM SAPI is used and configured to capture worker output with the setting "catch_workers_output = yes", an attacker can potentially manipulate log message content, polluting the final log or removing up to 4 characters from log messages. Furthermore, if PHP-FPM is configured to use syslog output, the vulnerability may allow for the removal of additional log data.
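An exposure check built from the conditions in the summary, given as an added example that is not part of the original advisory or of PHP itself. The function names, the sample configuration, the accepted boolean spellings and the "error_log = syslog" test for syslog output are assumptions of this example.

```python
import re

# First fixed release per affected branch, taken from the summary above.
FIXED = {(8, 1): 30, (8, 2): 24, (8, 3): 12}
TRUE_VALUES = {"yes", "on", "true", "1"}  # assumption: spellings treated as enabled

def version_affected(version):
    """True if the version is in a listed branch and below its fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version: {version!r}")
    major, minor, patch = map(int, m.groups())
    fixed = FIXED.get((major, minor))
    # Branches the advisory does not name return False: "not listed", not "patched".
    return fixed is not None and patch < fixed

def directives(text):
    """Yield (key, value) pairs from php-fpm ini text, skipping comments and sections."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if "=" not in line or line.startswith("["):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        yield key, value.strip("\"'").lower()

def assess(version, conf_text):
    """Combine version and configuration into the two conditions the summary names."""
    found = list(directives(conf_text))
    # Any pool that enables the setting counts; pools are not reported separately.
    catching = any(k == "catch_workers_output" and v in TRUE_VALUES for k, v in found)
    syslog = any(k == "error_log" and v == "syslog" for k, v in found)
    exposed = version_affected(version) and catching
    return {"exposed": exposed, "syslog_impact": exposed and syslog}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
[global]
error_log = syslog
[www]
;catch_workers_output = no
catch_workers_output = yes   ; capture worker stdout/stderr
"""

if __name__ == "__main__":
    for v in ("8.1.29", "8.2.24", "8.3.11-1+deb12u1", "8.0.30"):
        print(v, assess(v, SAMPLE_CONF))
```

Feed it the output of `php-fpm -v` (version string) and the concatenated contents of the FPM configuration files on the host being reviewed.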

Affected Products

  • PHP: Hypertext Preprocessor

Affected Vendors

  • Php