Description
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-4792)
WordPress Plugin WordPress Download Manager Unspecified Vulnerability (2.9.96)
WordPress Plugin Social Share Button Cross-Site Scripting (2.1)
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-5267)