[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-1874":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":54,"duplicate_of":9,"upstream":55,"downstream":56,"duplicates":61,"related":62,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":75,"kevs":120,"epss":121,"epss_history":124,"metrics":358,"affected":366},"CVE-2024-1874","In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply arguments that would execute arbitrary commands in Windows shell.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-116","Improper Encoding or Escaping of Output","The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","weakness","Draft","Class","High",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-104","Cross Zone Scripting",[],{"id":25,"name":26,"techniques":27},"CAPEC-73","User-Controlled Filename",[],{"id":29,"name":30,"techniques":31},"CAPEC-81","Web Server Logs Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-85","AJAX Footprinting",[],[37,46],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PHP_PHP-SRC","Php Src","github","https://github.com/php/php-src/commit/fb58e69a84f4fde603a630d2c9df2fa3be16d846","poc",0.3,false,[],{"_key":47,"name":48,"source":49,"url":50,"maturity":51,"reliability_score":52,"verified":44,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_F3FAA9828E2C8818","Exploit Reference (vicarius.io)","reference","https://www.vicarius.io/vsociety/posts/command-injection-vulnerability-in-php-on-windows-systems-cve-2024-1874-and-cve-2024-5585","unknown",0.2,[],[],[],[57,59],{"_key":58},"OPENSUSE-SU-2024:13867-1",{"_key":60},"MGASA-2024-0132",[],[63,64],{"_key":60},{"_key":58},"2024-04-29T03:57:35.624Z","2025-11-04T18:22:36.621Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":69,"epss_score":70,"severity":69,"severity_score":71,"severity_version":72,"severity_source":73,"severity_vector":74,"severity_status":67},"critical",0.68573,9.4,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",[76,83,88,93,97,101,105,108,112,116],{"url":77,"sources":78,"tags":80},"https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7",[73,79],"nvd",[81,82],"Exploit","Vendor Advisory",{"url":84,"sources":85,"tags":86},"http://www.openwall.com/lists/oss-security/2024/04/12/11",[73,79],[87],"Mailing List",{"url":89,"sources":90,"tags":91},"https://security.netapp.com/advisory/ntap-20240510-0009/",[73,79],[92],"Third Party Advisory",{"url":94,"sources":95,"tags":96},"http://www.openwall.com/lists/oss-security/2024/06/07/1",[73,79],[87],{"url":98,"sources":99,"tags":100},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/",[73,79],[87],{"url":102,"sources":103,"tags":104},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/",[73,79],[87],{"url":50,"sources":106,"tags":107},[73,79],[81,92],{"url":109,"sources":110,"tags":111},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGWIK3HMBACERGB4TSBB2JUOMPYY2VKY/",[73,79],[],{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZK3X6B7FBE32FETDSMRLJXTFTHKWSY/",[73,79],[],{"url":117,"sources":118,"tags":119},"https://www.kb.cert.org/vuls/id/123335",[73,79],[],[],{"date":122,"score":70,"percentile":123},"2026-06-04",0.98633,[125,129,132,134,137,139,141,143,145,148,151,153,155,158,160,164,167,170,174,177,179,181,185,187,190,194,196,199,202,205,207,209,212,214,216,219,221,224,227,230,233,235,238,241,244,247,250,253,255,258,260,262,265,267,271,273,275,278,281,284,287,289,292,295,297,300,303,306,308,310,312,314,317,320,323,325,327,329,331,333,335,337,339,341,344,346,349,351,353,355],{"date":126,"score":127,"percentile":128},"2025-11-04",0.57549,0.98045,{"date":130,"score":127,"percentile":131},"2025-11-05",0.98047,{"date":133,"score":127,"percentile":131},"2025-11-06",{"date":135,"score":127,"percentile":136},"2025-11-07",0.98048,{"date":138,"score":127,"percentile":131},"2025-11-08",{"date":140,"score":127,"percentile":131},"2025-11-09",{"date":142,"score":127,"percentile":131},"2025-11-10",{"date":144,"score":127,"percentile":136},"2025-11-11",{"date":146,"score":127,"percentile":147},"2025-11-12",0.9805,{"date":149,"score":127,"percentile":150},"2025-11-13",0.98051,{"date":152,"score":127,"percentile":150},"2025-11-14",{"date":154,"score":127,"percentile":131},"2025-11-15",{"date":156,"score":127,"percentile":157},"2025-11-16",0.98046,{"date":159,"score":127,"percentile":157},"2025-11-17",{"date":161,"score":162,"percentile":163},"2025-11-18",0.631,0.98377,{"date":165,"score":162,"percentile":166},"2025-11-19",0.98378,{"date":168,"score":162,"percentile":169},"2025-11-20",0.9838,{"date":171,"score":172,"percentile":173},"2025-11-21",0.58096,0.98073,{"date":175,"score":172,"percentile":176},"2025-11-22",0.98072,{"date":178,"score":172,"percentile":176},"2025-11-23",{"date":180,"score":172,"percentile":176},"2025-11-24",{"date":182,"score":183,"percentile":184},"2025-11-25",0.51267,0.97744,{"date":186,"score":183,"percentile":184},"2025-11-26",{"date":188,"score":183,"percentile":189},"2025-11-27",0.97745,{"date":191,"score":192,"percentile":193},"2025-11-28",0.51847,0.97773,{"date":195,"score":192,"percentile":193},"2025-11-29",{"date":197,"score":192,"percentile":198},"2025-11-30",0.97772,{"date":200,"score":192,"percentile":201},"2025-12-01",0.97789,{"date":203,"score":192,"percentile":204},"2025-12-02",0.97788,{"date":206,"score":192,"percentile":201},"2025-12-03",{"date":208,"score":192,"percentile":198},"2025-12-04",{"date":210,"score":192,"percentile":211},"2025-12-05",0.97771,{"date":213,"score":192,"percentile":211},"2025-12-06",{"date":215,"score":192,"percentile":193},"2025-12-07",{"date":217,"score":192,"percentile":218},"2025-12-08",0.97774,{"date":220,"score":192,"percentile":198},"2025-12-09",{"date":222,"score":192,"percentile":223},"2025-12-10",0.97777,{"date":225,"score":183,"percentile":226},"2025-12-11",0.97751,{"date":228,"score":183,"percentile":229},"2025-12-12",0.97755,{"date":231,"score":183,"percentile":232},"2025-12-13",0.97756,{"date":234,"score":183,"percentile":232},"2025-12-14",{"date":236,"score":183,"percentile":237},"2025-12-15",0.97757,{"date":239,"score":183,"percentile":240},"2025-12-16",0.97758,{"date":242,"score":183,"percentile":243},"2025-12-17",0.97761,{"date":245,"score":172,"percentile":246},"2025-12-18",0.98084,{"date":248,"score":172,"percentile":249},"2025-12-19",0.98086,{"date":251,"score":172,"percentile":252},"2025-12-20",0.98085,{"date":254,"score":172,"percentile":246},"2025-12-21",{"date":256,"score":172,"percentile":257},"2025-12-22",0.98079,{"date":259,"score":172,"percentile":246},"2025-12-23",{"date":261,"score":172,"percentile":249},"2025-12-24",{"date":263,"score":172,"percentile":264},"2025-12-25",0.98083,{"date":266,"score":172,"percentile":264},"2025-12-26",{"date":268,"score":269,"percentile":270},"2025-12-27",0.61194,0.98246,{"date":272,"score":172,"percentile":246},"2025-12-28",{"date":274,"score":172,"percentile":246},"2025-12-29",{"date":276,"score":172,"percentile":277},"2025-12-30",0.98082,{"date":279,"score":127,"percentile":280},"2025-12-31",0.98057,{"date":282,"score":127,"percentile":283},"2026-01-01",0.98081,{"date":285,"score":127,"percentile":286},"2026-01-02",0.9808,{"date":288,"score":127,"percentile":283},"2026-01-03",{"date":290,"score":127,"percentile":291},"2026-01-04",0.98066,{"date":293,"score":127,"percentile":294},"2026-01-05",0.98067,{"date":296,"score":127,"percentile":291},"2026-01-06",{"date":298,"score":127,"percentile":299},"2026-01-07",0.98069,{"date":301,"score":127,"percentile":302},"2026-01-08",0.9807,{"date":304,"score":127,"percentile":305},"2026-01-09",0.98071,{"date":307,"score":127,"percentile":176},"2026-01-10",{"date":309,"score":127,"percentile":302},"2026-01-11",{"date":311,"score":127,"percentile":302},"2026-01-12",{"date":313,"score":127,"percentile":176},"2026-01-13",{"date":315,"score":127,"percentile":316},"2026-01-14",0.98075,{"date":318,"score":127,"percentile":319},"2026-01-15",0.98076,{"date":321,"score":127,"percentile":322},"2026-01-16",0.98077,{"date":324,"score":127,"percentile":286},"2026-01-17",{"date":326,"score":127,"percentile":257},"2026-01-18",{"date":328,"score":127,"percentile":286},"2026-01-19",{"date":330,"score":127,"percentile":283},"2026-01-20",{"date":332,"score":127,"percentile":277},"2026-01-21",{"date":334,"score":127,"percentile":246},"2026-01-22",{"date":336,"score":127,"percentile":246},"2026-01-23",{"date":338,"score":127,"percentile":249},"2026-01-24",{"date":340,"score":127,"percentile":249},"2026-01-25",{"date":342,"score":127,"percentile":343},"2026-01-26",0.98087,{"date":345,"score":127,"percentile":343},"2026-01-27",{"date":347,"score":127,"percentile":348},"2026-01-28",0.98088,{"date":350,"score":127,"percentile":348},"2026-01-29",{"date":352,"score":127,"percentile":348},"2026-01-30",{"date":354,"score":127,"percentile":343},"2026-01-31",{"date":356,"score":127,"percentile":357},"2026-02-01",0.98106,[359,364],{"source":73,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":360,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":361,"vectorString":74,"impactScore":362,"exploitabilityScore":363},"CRITICAL",9.2,10,{"source":79,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":365,"cvss_v4_0":9},{"baseScore":71,"baseSeverity":361,"vectorString":74,"impactScore":362,"exploitabilityScore":363},[367,377,395],{"ecosystem":9,"name":368,"vendor":369,"product":368,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"fedora","fedoraproject","o",[372,375],{"version":373,"is_range":44,"range_type":374,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"39","cpe",{"version":376,"is_range":44,"range_type":374,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"40",{"ecosystem":9,"name":378,"vendor":9,"product":378,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":379},"PHP",[380,387,391],{"version":381,"is_range":382,"range_type":73,"version_start":383,"version_start_type":384,"version_end":385,"version_end_type":386,"fixed_in":9},">= 8.1.*, \u003C 8.1.28",true,"8.1.*","including","8.1.28","excluding",{"version":388,"is_range":382,"range_type":73,"version_start":389,"version_start_type":384,"version_end":390,"version_end_type":386,"fixed_in":9},">= 8.2.*, \u003C 8.2.18","8.2.*","8.2.18",{"version":392,"is_range":382,"range_type":73,"version_start":393,"version_start_type":384,"version_end":394,"version_end_type":386,"fixed_in":9},">= 8.3.*, \u003C 8.3.5","8.3.*","8.3.5",{"ecosystem":9,"name":378,"vendor":9,"product":378,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":396},[397,400,403],{"version":398,"is_range":382,"range_type":374,"version_start":399,"version_start_type":384,"version_end":385,"version_end_type":386,"fixed_in":9},"gte8.1.0_lt8.1.28","8.1.0",{"version":401,"is_range":382,"range_type":374,"version_start":402,"version_start_type":384,"version_end":390,"version_end_type":386,"fixed_in":9},"gte8.2.0_lt8.2.18","8.2.0",{"version":404,"is_range":382,"range_type":374,"version_start":405,"version_start_type":384,"version_end":394,"version_end_type":386,"fixed_in":9},"gte8.3.0_lt8.3.5","8.3.0"]