Piwigo.org

Phil35 · 2024-04-14 13:47:18

Hi,

This webpage is in french : https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0300/
however with https://deepl.com it is easy:

Risk(s)

Not specified by the publisher
Execution of arbitrary code
Denial of service
Security policy bypass

Systems affected

PHP versions 8.1.x prior to 8.1.28
PHP versions 8.2.x prior to 8.2.18
PHP versions 8.3.x prior to 8.3.6

Summary

Multiple vulnerabilities have been discovered in PHP. Some of them allow an attacker to cause a security issue not specified by the vendor, arbitrary code execution and a denial of service.

Kind regards
Phil

erAck · 2024-04-14 19:33:01

As the links to the cve.org beta site in that French page currently lead to nowhere at least until the CVEs are published (maybe longer as cve.org is beta and not fully functional yet), they can be looked up in the Debian security tracker. Details in the Notes sections link to the PHP security advisories:

https://security-tracker.debian.org/tra … -2024-1874
https://security-tracker.debian.org/tra … -2024-2756
https://security-tracker.debian.org/tra … -2024-3096
https://security-tracker.debian.org/tra … -2024-2757

Piwigo.org

Announcement

#1 2024-04-14 13:47:18

PHP and security issues, please have a look to upgrade

#2 2024-04-14 19:33:01

Re: PHP and security issues, please have a look to upgrade

Board footer