How severe is CVE-2024-9026?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2024-9026?

This is classified as CWE-117, which is a common weakness in software security.

CVE-2024-9026 - LOW Severity | CVSS 3.3

Vulnerability Description

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possible to pollute the final log or remove up to 4 characters from the log messages by manipulating log message content. Additionally, if PHP-FPM is configured to use syslog output, it may be possible to further remove log data using the same vulnerability.

Related Vulnerabilities

CVE-2024-23194

LOW

CVSS:3.3(Low)

Improper output Neutralization for Logs (CWE-117) in the Command Centre API Diagnostics Endpoint could allow an attacker limited ability to modify Command Centre log files. This issue affects: Gallagh...

CWE-1172024

CVE-2023-32712

LOW

CVSS:3.1(Low)

In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, an attacker can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable termi...

CWE-1172023

CVE-2018-10932

MEDIUM

CVSS:4.3(Medium)

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the b...

CWE-1172018

CVE-2021-22096

MEDIUM

CVSS:4.3(Medium)

In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.

CWE-1172021

CVE-2021-23266

MEDIUM

CVSS:4.3(Medium)

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

CWE-1172021

CVE-2023-37275

MEDIUM

CVSS:4.3(Medium)

Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify dif...

CWE-1172023