Vulnerability Database

300,444

Total vulnerabilities in the database

CVE-2024-8929

In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.

Published: Nov 22, 2024
Updated: Nov 4, 2025
CVE: CVE-2024-8929
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CWEs:

CWE-200
CWE-125

Affected Software
References

Software	From	Fixed in
php / php	8.3.0	8.3.14
php / php	8.2.0	8.2.26
php / php	8.1.0	8.1.31

https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678
https://lists.debian.org/debian-lts-announce/2024/12/msg00007.html
https://security.netapp.com/advisory/ntap-20250110-0008/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo