Main Vulnerability Database Exploits ID:11226 - Exploit for OS Command Injection in PHP - CVE-2024-8926

ID:11226 - Exploit for OS Command Injection in PHP - CVE-2024-8926

Published: March 18, 2025

Vulnerability identifier: #VU97691

Vulnerability risk: High

CVE-ID: CVE-2024-8926

CWE-ID: CWE-78

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://github.com/Night-have-dreams/php-cgi-Injector

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in PHP-CGI implementation. A remote attacker can send specially crafted HTTP request to the application and execute arbitrary OS commands on the system.

Note, the vulnerability exists due to incomplete fix for #VU91106 (CVE-2024-4577).

Remediation

Install updates from vendor's website.

ID:11226 - Exploit for OS Command Injection in PHP - CVE-2024-8926

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human