Home > Vulnerability Database > CVE-2024-8925

Mend.io Vulnerability Database

CVE-2024-8925

Date: October 7, 2024

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.

Language: C

Severity Score

3.1

Related Resources (3)

Url: https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-8925

Url: https://www.mend.io/vulnerability-database/CVE-2024-8925

Severity Score

3.1

Weakness Type (CWE)

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-444

Improper Validation of Syntactic Correctness of Input

CWE-1286

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-8925

Date: October 7, 2024

Language: C

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?