In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
References
| Link | Resource |
|---|---|
| https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
19 Aug 2025, 16:25
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | |
| References | () https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 - Exploit, Vendor Advisory | |
| CWE | CWE-444 | |
| First Time |
Php
Php php |
16 Oct 2024, 18:53
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:php-fpm:php-fpm:*:*:*:*:*:*:*:* | |
| References | () https://github.com/php/php-src/security/advisories/GHSA-9pqp-7h25-4f32 - Exploit, Third Party Advisory | |
| CWE | NVD-CWE-noinfo | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
| First Time |
Php-fpm php-fpm
Php-fpm |
08 Oct 2024, 04:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-10-08 04:15
Updated : 2025-08-19 16:25
NVD link : CVE-2024-8925
Mitre link : CVE-2024-8925
JSON object : View
Products Affected
php
- php
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')