The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-8926 advisory. In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3.* before 8.3.12, when using a certain non- standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 May still be bypassed and the same command injection related to Windows Best Fit codepage behavior can be achieved. This May allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. (CVE-2024-8926) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…Read More
Azure Linux 3.0 Security Update: php (CVE-2024-8926)
