CVE-2024-8925
Published: 08 October 2024
Summary
CVE-2024-8925 is a low-severity HTTP Request/Response Smuggling (CWE-444) vulnerability in PHP. Its CVSS base score is 3.1 (Low).
Operationally, it is ranked in the top 16.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-49488
Vulnerability details
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could allow a malicious attacker who is able to control part of the submitted data to exclude a portion of other data, potentially leading to erroneous application behavior.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.