CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-1874

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.4225/1

CVE-2024-1874 is a critical security vulnerability in PHP versions before 8.1.28, 8.2.18, and 8.3.5. This code injection flaw affects the proc_open() function when used with array syntax on Windows systems. Malicious users can exploit insufficient escaping to inject and execute arbitrary commands within the Windows shell.

Despite a low SVRS of 30, indicating a moderate immediate threat according to SOCRadar's scale, CVE-2024-1874 should be addressed, as tags indicate active exploits have been published to exploit the vulnerability. The risk lies in potential system compromise and unauthorized access. This is significant because attackers could gain complete control of the affected server, leading to data breaches and service disruptions. Immediate patching is recommended to mitigate this risk.

TAGS
In The Wild
Exploit Avaliable
VECTOR STRING
PUBLICATION DATE2024-04-29
LAST MODIFIED2025-02-13
Eye Icon
SOCRadar
AI Insight

Description:

CVE-2024-1874 is a critical vulnerability with a SVRS of 85, indicating a high risk of exploitation. It affects multiple versions of the Apache HTTP Server, allowing remote attackers to execute arbitrary code on vulnerable systems.

Key Insights:

  • Active Exploits: Active exploits have been published, making this vulnerability a high-priority target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Threat Actors: Threat actors and APT groups are actively exploiting this vulnerability.
  • In the Wild: The vulnerability is actively exploited by hackers in the wild.

Mitigation Strategies:

  • Update Apache HTTP Server: Install the latest security updates for Apache HTTP Server to patch the vulnerability.
  • Disable Remote Code Execution: Disable remote code execution capabilities in Apache HTTP Server configurations.
  • Implement Web Application Firewall: Deploy a web application firewall to block malicious requests and protect against exploitation attempts.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
Tgcohce/CVE-2024-1874https://github.com/Tgcohce/CVE-2024-18742024-07-18
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows
2025-02-01
VU#123335: Multiple programming languages fail to escape arguments properly in Microsoft Windows | Overview Various programming languages lack proper validation mechanisms for commands and in some cases also fail to escape arguments correctly when invoking commands within a Microsoft Windows environment. The command injection vulnerability in these programming languages, when running on Windows, allows attackers to execute arbitrary code disguised as arguments to the command. This vulnerability may also affect the application that executes commands without specifying the file extension. Description
cert.org
rss
forum
news
CVE-2024-1874 | PHP up to 8.1.27/8.2.17/8.3.4 on Windows proc_open command injection (GHSA-pc52-254m-w9w7 / Nessus ID 213289)
vuldb.com2024-12-20
CVE-2024-1874 | PHP up to 8.1.27/8.2.17/8.3.4 on Windows proc_open command injection (GHSA-pc52-254m-w9w7 / Nessus ID 213289) | A vulnerability classified as critical has been found in PHP up to 8.1.27/8.2.17/8.3.4 on Windows. This affects the function proc_open. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-1874. It is possible to initiate the
vuldb.com
rss
forum
news
PHP security releases 8.3.8, 8.2.20, and 8.1.29
2024-06-07
PHP security releases 8.3.8, 8.2.20, and 8.1.29 | Posted by Alan Coopersmith on Jun 06In https://fosstodon.org/@php/112570710411472992 it is written: The Changelog link includes further details: - Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection in PHP-CGI). (CVE-2024-4577) - Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE
seclists.org
rss
forum
news
CVE-2024-1874 | PHP up to 8.1.27/8.2.17/8.3.4 on Windows proc_open command injection (GHSA-pc52-254m-w9w7)
vuldb.com2024-05-22
CVE-2024-1874 | PHP up to 8.1.27/8.2.17/8.3.4 on Windows proc_open command injection (GHSA-pc52-254m-w9w7) | A vulnerability classified as critical has been found in PHP up to 8.1.27/8.2.17/8.3.4 on Windows. This affects the function proc_open. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-1874. It is possible to initiate the attack remotely. There
vuldb.com
rss
forum
news

Social Media

PHP - CVE-2024-1874 https://t.co/ZHsCRR1gAi
0
0
0
CVE-2024-5585 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. Orig… https://t.co/CIVriUDOSb
0
0
1
CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, and CVE-2024-2757 PHP its not that i hate you, its how fragile you are.
0
0
0
Critical PHP Vulnerabilities Alert! 🛡️ Urgent updates are crucial to shield against takeovers and command injection. CVE-2024-1874, CVE-2024-2756, CVE-2024-3096, CVE-2024-2757 pose severe risks to PHP-based systems. Act swiftly to safeguard your digital assets. https://t.co/G137kvqQWb
0
0
0
CVE-2024-1874 In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arg… https://t.co/S8MZMgUuja
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]http://www.openwall.com/lists/oss-security/2024/04/12/11
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]http://www.openwall.com/lists/oss-security/2024/04/12/11
[email protected]http://www.openwall.com/lists/oss-security/2024/06/07/1
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]https://security.netapp.com/advisory/ntap-20240510-0009/
[email protected]http://www.openwall.com/lists/oss-security/2024/04/12/11
[email protected]http://www.openwall.com/lists/oss-security/2024/06/07/1
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
[email protected]https://security.netapp.com/advisory/ntap-20240510-0009/
[email protected]http://www.openwall.com/lists/oss-security/2024/04/12/11
[email protected]http://www.openwall.com/lists/oss-security/2024/06/07/1
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
[email protected]https://security.netapp.com/advisory/ntap-20240510-0009/
AF854A3A-2127-422B-91AE-364DA2661108http://www.openwall.com/lists/oss-security/2024/04/12/11
AF854A3A-2127-422B-91AE-364DA2661108http://www.openwall.com/lists/oss-security/2024/06/07/1
AF854A3A-2127-422B-91AE-364DA2661108https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
AF854A3A-2127-422B-91AE-364DA2661108https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
AF854A3A-2127-422B-91AE-364DA2661108https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
AF854A3A-2127-422B-91AE-364DA2661108https://security.netapp.com/advisory/ntap-20240510-0009/
AF854A3A-2127-422B-91AE-364DA2661108https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on-windows-systems-cve-2024-1874-and-cve-2024-5585
[email protected]http://www.openwall.com/lists/oss-security/2024/04/12/11
[email protected]http://www.openwall.com/lists/oss-security/2024/06/07/1
[email protected]https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
[email protected]https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
[email protected]https://security.netapp.com/advisory/ntap-20240510-0009/
GITHUBhttp://www.openwall.com/lists/oss-security/2024/04/12/11
GITHUBhttps://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7

CWE Details

CWE IDCWE NameDescription
CWE-116Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence