CVE-2024-8926 Information

Description

In PHP versions 8.1. before 8.1.30 8.2. before 8.2.24 8.3. before 8.3.12 when using a certain non-standard configurations of Windows codepages the fixes for  CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3  may still be bypassed and the same command injection related to Windows \Best Fit\ codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run and thus reveal the source code of scripts run arbitrary PHP code on the server etc.

Reference

https://github.com/advisories/GHSA-vxpp-6299-mxw3