Description
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
- Attack Vector
- network
- Complexity
- high
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-444CWE-444
Metadata
- Primary Vendor
- PHP
- Published
- 10/8/2024
- Last Modified
- 11/3/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
php : phpphp : phpphp : php
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.