php-5.4.16-48.0.2.el7.AXS7

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for
developers to write dynamically generated web pages. PHP also offers built-in
database integration for several commercial and non-commercial database
management systems, so writing a database-enabled webpage with PHP is fairly
simple. The most common use of PHP coding is probably as a replacement for CGI
scripts.

The php package contains the module (often referred to as mod_php) which adds
support for the PHP language to Apache HTTP Server.

Security Fix(es):

* CVE-2024-8927: Fix bypass of cgi.force_redirect configuration

CVE-2024-8927
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in certain scenarios, the content of this variable can be controlled by the request submitter via HTTP headers, which can lead to cgi.force_redirect option not being correctly applied. In certain configurations this may lead to arbitrary file inclusion in PHP.