AI description
CVE-2024-4577 is a vulnerability that enables remote code execution in PHP installations on Windows servers. It specifically affects systems running PHP in CGI mode or those exposing the PHP binary. Exploitation involves leveraging the Windows "Best-Fit" encoding feature, typically by inserting a "soft hyphen" character within a URL. This allows attackers to bypass PHP sanitization measures and execute arbitrary code via the `php.exe` executable. While initially believed to have a broader impact, further research revealed that successful exploitation primarily hinges on the system's locale being configured for Chinese (simplified or traditional) or Japanese. Other similar locales might also be susceptible. The vulnerability affects PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. Proof-of-concept exploits were observed shortly after the vulnerability's disclosure, highlighting its potential for misuse.
- Description
- In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
- Source
- security@php.net
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- PHP-CGI OS Command Injection Vulnerability
- Exploit added on
- Jun 12, 2024
- Exploit action due
- Jul 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
4
#ThreatProtection #CVE-2024-4577 makes a return in recent #malware campaigns. Read more: https://t.co/u2qG0kCBp1 #PHP #vulnerability https://t.co/IGG6YS6CAK
@threatintel
4 Apr 2025
1010 Impressions
0 Retweets
6 Likes
0 Bookmarks
0 Replies
0 Quotes
The National Computer Emergency Response Team (NCERT) has issued an advisory regarding a critical PHP vulnerability, tracked as CVE-2024-4577, which threatens Windows-based systems running in CGI mode. Read More: https://t.co/DnPLof0pwG https://t.co/Rd1hy5BVIe
@ProPakistaniPK
25 Mar 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers https://t.co/HeLpJQpYnJ
@Davidhack00
25 Mar 2025
111 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/A7T87MY01Y
@Bavenhack
24 Mar 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/LNGQC3h5E2
@Bavenhack
24 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent Security Alert: Critical PHP flaw under mass exploitation! 🚨 Hackers are actively exploiting CVE-2024-4577 to hijack Windows servers for cryptojacking and more. https://t.co/3uG3OW5l2p https://t.co/Dpr6QPawxV
@TweekFawkes
23 Mar 2025
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/sxfBhjGg8w
@georgehackwiser
23 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/BT1ZLYBQZ2
@DCybersentinel
23 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/ytTYZGSdr6
@DCybersentinel
23 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/t2gLJfPanq
@savana_recovery
23 Mar 2025
158 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/aPZV0PHe7E
@savana_recovery
23 Mar 2025
114 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Gelombang eksploitasi CVE-2024-4577 yang menargetkan #PHPCGI juga berdampak pada #Indonesia. Serangan ini menunjukkan tingginya risiko bagi infrastruktur digital di negara ini. Langkah mitigasi segera diperlukan untuk mencegah dampak lebih luas. https://t.co/6t6kzEfBhX
@DoyanBocor
22 Mar 2025
18 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨 Grave falla en PHP CVE-2024-4577 está siendo explotado para desplegar mineros de criptomonedas y Quasar RAT en servidores Windows. El 54% de los ataques apuntan a Taiwán. 📰 Más información: https://t.co/bdYQBJszOe #Ciberseguridad #PHP #Hacking
@Cyph3R_CyberSec
22 Mar 2025
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Severe PHP Flaw Under Attack. Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers. 🔹 54% of attacks target Taiwan 🔹 5% deploy XMRig miner 🔹 PHP CGI mode at risk Patch NOW before your servers become a battleground. https://t.co
@achi_tech
21 Mar 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Bitdefender Labs is tracking new campaigns as threat actors exploit a vulnerability we first highlighted in June 2024. Bitdefender issued a critical security advisory regarding CVE-2024-4577 https://t.co/IN4DgWlJrz
@ngnicky
20 Mar 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an ar... https://t.co/FZlgYb9Vmh
@hugo4tech
19 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A severe PHP vulnerability (CVE-2024-4577) is being exploited to deploy Quasar RAT and XMRig miners, targeting Windows systems. Attacks reported in Taiwan, Hong Kong, and Brazil. 🔒💻 #PHPFlaw #Taiwan #RATs link: https://t.co/0tgCoivI3B https://t.co/WG4jtakbHH
@TweetThreatNews
19 Mar 2025
78 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 المخترقون يستغلون ثغرة أمنية خطيرة في PHP لتسليم برمجيات تعدين العملات مثل XMRig وRATs مثل Quasar RAT. الثغرة (CVE-2024-4577) تتعلق بإدخال معلمات تؤثر على أنظمة Windows التي تعمل في وضع CGI، مما يسمح للمهاجمين بتشغيل رموز عشوائية عن بُعد. #الامن_السيبراني https://t.co/AUQc6wX
@Cybercachear
19 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Severe PHP Flaw Under Attack. Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers. 🔹 54% of attacks target Taiwan 🔹 5% deploy XMRig miner 🔹 PHP CGI mode at risk Patch NOW before your servers become a battleground. 🔗 Learn
@TheHackersNews
19 Mar 2025
8955 Impressions
27 Retweets
82 Likes
12 Bookmarks
0 Replies
0 Quotes
Bitdefender observed an increase in CVE-2024-4577 exploitation - an injection vulnerability in PHP affecting Windows-based systems running in CGI mode. The flaw allowed attackers to execute arbitrary code by manipulating character encoding conversions. https://t.co/AKmKm63Mrd htt
@virusbtn
19 Mar 2025
1510 Impressions
11 Retweets
17 Likes
2 Bookmarks
0 Replies
1 Quote
#threatreport #LowCompleteness Technical Advisory: Mass Exploitation of CVE-2024-4577 | 18-03-2025 Source: https://t.co/2QcvzV5tTq Key details below ↓ 💀Threats: Lemonduck, Lolbin_technique, Xmrig_miner, Quasar_rat, 🎯Victims: Windows based cgi servers 🌐Geo: Taiwan, Japan,… h
@rst_cloud
18 Mar 2025
88 Impressions
1 Retweet
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Bitdefender Labs is tracking 🆕 campaigns exploiting CVE-2024-4577, a critical PHP vulnerability enabling remote code execution on Windows systems running in CGI mode. Get the full details here: 🔗 https://t.co/9eQNEBJfMu. #InfoSec #ThreatResearch
@Bitdefender_Ent
18 Mar 2025
121 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
A critical remote code execution vulnerability in #PHP for #Windows (CVE-2024-4577) is being actively exploited, allowing remote code execution by leveraging Windows' "Best-Fit" character conversion. 👇 Mitigations and recommendations: https://t.co/pKtX1dacrK https://t.co/VjuV6
@TuxCare_
15 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔐🔗 #crypto #snapchatleak #bitcoin฿💰#easymoney🌐#purchasesnaphack🛎️🛎️#Everyone #recovery🚨Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access to systems in Japan‼‼‼💼💼 https:
@cyber_expert8
14 Mar 2025
76 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🎯 Unknown #Hackers Target #Japanese Organizations via PHP Vulnerability A mystery hacking group has been exploiting CVE-2024-4577, a remote code execution (RCE) flaw in PHP-CGI on #Windows, to infiltrate Japanese... 👉 To continue reading, please visit https://t.co/EFbUQNRDGW
@GonPhishinDaily
14 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: Windows PHP users, patch ASAP! Massive attacks! Critical PHP flaw CVE-2024-4577 is under mass attack, putting Windows systems at risk of full compromise. https://t.co/XVcsoUR5z8
@TweekFawkes
13 Mar 2025
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Stay ahead of vulnerabilities! Update PHP-CGI now to combat the rapidly escalating exploitation risk linked to CVE-2024-4577 and keep your systems secure. https://t.co/vJ3aoMiBmn https://t.co/LmqK4pGK0G
@g1itch_n_rich
13 Mar 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ¡Vulnerabilidad crítica en PHP bajo ataque masivo! 🚨 La falla CVE-2024-4577 permite ejecución remota de código en servidores Windows. 🔒 Protege tus sistemas ahora: https://t.co/DHs0MUu6sY #Ciberseguridad #PHP #RCE #OjoCibernético https://t.co/F2hNTS6dKn
@ojo_cibernetico
13 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#CyberAlert | Mass Exploitation of Critical PHP-CGI Vulnerability https://t.co/UjthgobQ41 We are aware of reports of ongoing and increased exploitation of CVE-2024-4577, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows.
@cybercentre_ca
12 Mar 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577) https://t.co/AowJVLaDGy https://t.co/ky2BEQ7XO3
@djhsecurity
12 Mar 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
GreyNoise warns of mass exploitation of CVE-2024-4577, a critical PHP remote code execution vulnerability affecting Windows installations in CGI mode, enabling unauthenticated code execution, with significant attempts from Germany and China. #Security https://t.co/IlubCE0LZo
@Strivehawk
11 Mar 2025
47 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📰 Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577 - https://t.co/7WE5829U2l #AndonToken #Crypto
@AndonToken
11 Mar 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical PHP RCE vulnerability mass exploited in new attacks. Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. https://t.co/d8cBOXxjY9 https://t.co/97cHSPLl1i
@riskigy
11 Mar 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical PHP Flaw Under Mass Attack – Update NOW 🚨 Hackers are exploiting CVE-2024-4577, a remote code execution bug in PHP on Windows servers! 1,089+ attack sources, with ransomware groups actively abusing it. Patch ASAP to PHP 8.1.29, 8.2.20, or 8.3.8!… https://t.co/YOwfbbSrs
@dCypherIO
11 Mar 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Following widespread reports of mass exploitation of CVE-2024-4577, we found 19,439 exposed instances running PHP versions that remain potentially vulnerable to the exploit. An updated Censys query is available for further analysis in this advisory: https://t.co/4oVI6guvdt
@censysio
11 Mar 2025
80 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2024-4577 in PHP (CGI mode) is being widely exploited, impacting Windows systems globally, including in the US and Japan. Persistent threats detected. ⚠️ #WindowsSecurity #PHPFlaw #Japan link: https://t.co/MrbJT0v1fh https://t.co/AqK13tbKeE
@TweetThreatNews
11 Mar 2025
66 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
Understanding CVE-2024-4577: A Critical PHP Vulnerability https://t.co/VpphwqO07U #cve20244577 #phpvulnerability #remotecodeexecution #cybersecurity #infosec
@DefendOpsHQ
11 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
専門家は、重大な PHP の脆弱性 CVE-2024-4577 の大規模な悪用について警告 Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577 #SecurityAffairs (Mar 10) ■ChatGPTまとめ Microsoft… https://t.co/gBViNz1HuP
@foxbook
11 Mar 2025
351 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Given the latest reports on mass exploitation of CVE-2024-4577, would encourage you to check out our advisory released in the Summer on #cve-2024-4577 https://t.co/VzOZoXTjoA
@esthreat
11 Mar 2025
89 Impressions
0 Retweets
2 Likes
1 Bookmark
0 Replies
0 Quotes
PHPのゼロデイ脆弱性(CVE-2024-4577)が悪用され、金融機関やEコマースサイトが標的に。Cobalt StrikeやMimikatzを使用し、認証情報窃取やRCEを実行。緊急パッチ適用が必須。 https://t.co/yhldAXKDat
@01ra66it
10 Mar 2025
2275 Impressions
9 Retweets
46 Likes
18 Bookmarks
0 Replies
1 Quote
🚨 Expertos advierten sobre explotación masiva de falla crítica en PHP (CVE-2024-4577). Miles de servidores en riesgo de ataques remotos. Urge actualizar a PHP 8.1.27, 8.2.14 o 8.3.1. ⬇️ 𝗘𝗫𝗣𝗟𝗢𝗧𝗔𝗖𝗜Ó𝗡 𝗠𝗔𝗦𝗜𝗩𝗔 𝗗𝗘 𝗩𝗨𝗟𝗡𝗘𝗥𝗔𝗕𝗜𝗟𝗜𝗗𝗔𝗗 𝗖𝗥Í𝗧𝗜𝗖𝗔 𝗘𝗡… htt
@C1B3R53CUR1TY
10 Mar 2025
20 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#threatreport #MediumCompleteness GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577), Signaling Broad Campaign | 10-03-2025 Source: https://t.co/RlK6guMoGp Key details below ↓ 💀Threats: Cobalt_strike, Taowu_tool, 🎯Victims: Japanese… https://
@rst_cloud
10 Mar 2025
66 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔍BlackBastaGPT:流出したハッカーのチャットをAIで分析 🚨PHPスクリプトに影響与えるバグは「世界的な即時対応が必要」 研究者が指摘(CVE-2024-4577) 〜サイバーセキュリティ週末の話題〜 https://t.co/hRLxYgHubB #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
10 Mar 2025
106 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
日本の企業を標的にPHP-CGIのRCE脆弱性(CVE-2024-4577)が悪用され、Cobalt Strikeでバックドアを設置。権限昇格や認証情報窃取を実行。攻撃者はAlibaba CloudとGiteeを利用。警戒が必要。 https://t.co/hwA2nXi567
@01ra66it
10 Mar 2025
382 Impressions
2 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
ハッカーがPHPの脆弱性を悪用し、日本を標的にサイバー攻撃を実行(CVE-2024-4577) #セキュリティ対策Lab #セキュリティ #Security https://t.co/GWaFxfZajk
@securityLab_jp
10 Mar 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
آسیب پذیری جدیدی با کد شناسایی CVE-2024-4577 برای PHP-CGI از نوع RCE منتشر شده است که به هکرها امکان اجرای کد بر روی وب سرور های دارای این ماژول PHP را می دهد. بعد از اکسپلویت شدن ، اسکریپت powershell که در کد php قرار داده شده، دانلود و اجرا می شود. https://t.co/Poz3aKYxT1 htt
@AmirHossein_sec
9 Mar 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-4577: Critical PHP-CGI RCE Flaw Under Active Exploitation #cybersecurity #news #viral #latest #trending https://t.co/FoCmM018So
@cyashadotcom
9 Mar 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ 警报:PHP-CGI远程代码执行漏洞CVE-2024-4577正被黑客大规模利用! 超过45万Windows系统PHP实例可能受影响,黑客正通过Python脚本快速扫描并植入Cobalt Strike后门。 日本多行业已成为主要攻击目标,美国和巴西的金融医疗机构也遭受攻击。 各位网络安全人员,你们组织是否已更新至PHP… https://t.co/GnAGwRmN6V
@affadvisor
9 Mar 2025
67 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-4577 impacts PHP and exploits in wild #CVE-2024-4577 #PHP https://t.co/V0wIk3WZH9
@pravin_karthik
8 Mar 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: PHP-CGI Vulnerability (Bug affecting PHP scripts) 📅 Timeline: Disclosure: 2024-01-15, Patch: 2023-08-01 📌 Attribution: 🆔cveId: CVE-2024-4577 📊baseScore: 9.8 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: Critical 🔴… htt
@syedaquib77
8 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070",
"versionEndExcluding": "8.1.29",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A39988FF-D854-4277-9D66-6911AF371DD3",
"versionEndExcluding": "8.2.20",
"versionStartIncluding": "8.2.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F579FFC1-4F81-4755-B14B-3AA73AC9FF7A",
"versionEndExcluding": "8.3.8",
"versionStartIncluding": "8.3.0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
}
]