• Resolved lecareroy

    (@lecareroy)


    We have tested the plugin on two of our pages. We have the problem that two PHP vulnerabilities are detected that do not exist. We also have the problem that we cannot ignore these two vulnerabilities.

    The mail content:

    PHP vulnerabilities
    PHP running: 8.1.22-he.0

    PHP 8.1 < 8.1.22
    [+] CVE-2023-3824

    PHP 8.1 < 8.1.22
    [+] CVE-2023-3823

    The problem is the PHP version detection. The detected version is 8.1.22-he.0. But PHP 8.1.22 is safe. The plugin doesn't detect the version as 8.1.22 because of the appended chars “-he.0”.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Javier Casares

    (@javiercasares)

    I’m going to do some testing and come back ASAP with an answer. Maybe I need to change that in the API and not in the plugin…

    Thanks for noticing.

    Plugin Author Javier Casares

    (@javiercasares)

    I think I have a possible fix for this. I’ll probably release a new version soon.

    Thread Starter lecareroy

    (@lecareroy)

    Thank you for the quick reply. A new version would be great.

    Plugin Author Javier Casares

    (@javiercasares)

    Thank you for your patience. The latest version should fix this.

  • The topic ‘False Positive PHP Version’ is closed to new replies.
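
The false positive reported in this thread, as an added example (not code from the plugin or its API): a version check that compares only the numeric core of the PHP version string, so a vendor build tag such as “-he.0” does not make 8.1.22 look older than 8.1.22. The rule table, function names, and the list of pre-release markers are assumptions made for this sketch.

```python
import re

# Constructed rules mirroring the mail in the post: branch 8.1, fixed in 8.1.22.
RULES = [
    {"cve": "CVE-2023-3824", "branch": (8, 1), "fixed_in": (8, 1, 22)},
    {"cve": "CVE-2023-3823", "branch": (8, 1), "fixed_in": (8, 1, 22)},
]

VERSION = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(.*)$")
# Assumed pre-release markers; a build carrying one predates the plain release.
PRERELEASE = re.compile(r"^[-.~]?(dev|alpha|beta|rc)\d*(?![a-z])", re.IGNORECASE)


def parse_php_version(raw):
    """Return ((major, minor, patch), is_prerelease) or raise ValueError."""
    m = VERSION.match(raw)
    if not m:
        raise ValueError(f"unparseable PHP version: {raw!r}")
    core = tuple(int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4).strip()
    # Any other suffix (for example "-he.0") is treated as a vendor build
    # tag and ignored for the comparison.
    return core, bool(PRERELEASE.match(suffix))


def affected_cves(raw, rules=RULES):
    """List the CVE ids from `rules` that apply to the version string `raw`."""
    core, prerelease = parse_php_version(raw)
    hits = []
    for rule in rules:
        if core[:2] != rule["branch"]:
            continue  # rule covers a different release branch
        # A pre-release of the fixed version predates the fix, so it still counts.
        if core < rule["fixed_in"] or (core == rule["fixed_in"] and prerelease):
            hits.append(rule["cve"])
    return hits


if __name__ == "__main__":
    for sample in ("8.1.22-he.0", "8.1.21-he.0", "8.1.22RC1"):
        print(sample, affected_cves(sample))
```

Comparing on the numeric core removes this class of false positive, but it cannot see security fixes a vendor has backported into an older core version, so such builds can still be flagged.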