DEBIAN-CVE-2024-11234
PUBLISHED
CVSS 7.2 HIGH
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, and 8.3.* before 8.3.14, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
Risk Scores
CVSS 3.1
7.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | php7.4 | 0, 7.4.21-1+deb11u1, 7.4.25-1+deb11u1 |
| Debian:12 | php8.2 | 8.2.10-1, 8.2.10-2, 8.2.12-1 |
Exploit Intelligence
- cve_db.json (github-poc)
- ghost_report_20260112_192608.json (github-poc)
- ghost_report_20260112_175243.json (github-poc)
- ghost_report_20260112_182220.json (github-poc)
Timeline
- Nov 24, 2024 CVE Published
- Apr 28, 2026 CVE Updated