Vulnerabilities > PHP FPM

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-10-08 | CVE-2024-8925 | Unspecified vulnerability in PHP-Fpm | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. | network; low complexity; php-fpm; 5.3 |
| 2024-10-08 | CVE-2024-8926 | OS Command Injection vulnerability in PHP-Fpm | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 (https://github.com/advisories/GHSA-vxpp-6299-mxw3) may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. | network; low complexity; php-fpm; CWE-78; 8.8 |
| 2024-10-08 | CVE-2024-8927 | Unspecified vulnerability in PHP-Fpm | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. | network; low complexity; php-fpm; 7.5 |
| 2024-10-08 | CVE-2024-9026 | Unspecified vulnerability in PHP-Fpm | In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. | local; low complexity; php-fpm; 3.3 |
| 2017-08-25 | CVE-2015-3211 | Link Following vulnerability in PHP-Fpm | php-fpm allows local users to write to or create arbitrary files via a symlink attack. | local; low complexity; php-fpm; CWE-59; 5.5 |