{"uuid": "1e522248-7b8a-47c4-af0a-90f3a5a379c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-5458", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7557", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-5458\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)\n\ud83d\udd39 Description: In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when validating URLs\u00a0(FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.\n\ud83d\udccf Published: 2024-06-09T18:26:28.804Z\n\ud83d\udccf Modified: 2025-03-14T14:13:20.514Z\n\ud83d\udd17 References:\n1. https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w\n2. http://www.openwall.com/lists/oss-security/2024/06/07/1\n3. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/\n4. https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/\n5. https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html\n6. https://security.netapp.com/advisory/ntap-20240726-0001/", "creation_timestamp": "2025-03-14T14:45:11.000000Z"}