Main Vulnerability Database Exploits ID:8452 - Exploit for Security features bypass in PHP - CVE-2022-31629

ID:8452 - Exploit for Security features bypass in PHP - CVE-2022-31629

Published: October 8, 2022

Vulnerability identifier: #VU67756

Vulnerability risk: Low

CVE-ID: CVE-2022-31629

CWE-ID: CWE-254

Exploitation vector: Remote access

Vulnerable software:
PHP

Link to public exploit:

https://github.com/silnex/CVE-2022-31629-poc

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the way PHP handles HTTP variable names. A remote attacker can set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Remediation

Install updates from vendor's website.

ID:8452 - Exploit for Security features bypass in PHP - CVE-2022-31629

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human