#VU97747 Insufficient Logging in PHP - CVE-2024-9026
Published: September 27, 2024
Vulnerability identifier: #VU97747
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-9026
CWE-ID: CWE-778
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
PHP
PHP
Software vendor:
PHP Group
PHP Group
Description
The vulnerability allows an attacker to alter log files.
The vulnerability exists due to an unspecified error, which can lead to logs from child processes to be altered.
Remediation
Install updates from vendor's website.