Insufficient Logging in PHP - CVE-2024-9026
Published: September 27, 2024
Vulnerability identifier: #VU97747
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-9026
CWE-ID: CWE-778
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: PHP Group
Affected software:
PHP
PHP
Detailed vulnerability description
The vulnerability allows an attacker to alter log files.
The vulnerability exists due to an unspecified error, which can lead to logs from child processes to be altered.
How to mitigate CVE-2024-9026
Install updates from vendor's website.