Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
PHP Vulnerability - CVE-2024-3096 - Vulnerability Database
PHP

PHP Vulnerability - CVE-2024-3096

Medium
Reference: CVE-2024-3096
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-3096
Title: PHP Vulnerability
Overview:

In PHP version 8.1. before 8.1.28 8.2. before 8.2.18 8.3. before 8.3.5 ifa password stored with password_hash() starts with a null byte (x00) testing a blank string as the password via password_verify() will incorrectly return true.