How severe is CVE-2024-8927?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-8927?

This is classified as CWE-1220, which is a common weakness in software security.

CVE-2024-8927 - HIGH Severity | CVSS 7.5

Vulnerability Description

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.

Related Vulnerabilities

CVE-2024-13256

HIGH

CVSS:7.5(High)

Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4.

CWE-12202024

CVE-2024-33058

HIGH

CVSS:7.5(High)

Memory corruption while assigning memory from the source DDR memory(HLOS) to ADSP.

CWE-12202024

CVE-2025-20111

HIGH

CVSS:7.4(High)

A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker...

CWE-12202025

CVE-2023-0203

HIGH

CVSS:7.7(High)

NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial...

CWE-12202023

CVE-2023-0205

HIGH

CVSS:7.7(High)

CWE-12202023

CVE-2023-44285

HIGH

CVSS:7.8(High)

Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability. A local malicious user with low privileges could potentially...

CWE-12202023