- Description
- In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
- Source
- security@php.net
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- PHP-CGI OS Command Injection Vulnerability
- Exploit added on
- Jun 12, 2024
- Exploit action due
- Jul 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
La nueva vulnerabilidad de PHP (CVE-2024-4577) expone los servidores Windows a ejecución remota de código mediante una inyección de argumentos CGI y está siendo explotada para la instalación del cripto minero #PacketCrypt https://t.co/vneDsXd25W #ciberseguridad #php #websecurity
@henryraul
14 Jan 2025
100 Impressions
10 Retweets
9 Likes
1 Bookmark
0 Replies
0 Quotes
هکرها با اکسپلویت کردن وب سرورهای php ماینر بر روی سرورها نصب می کنند. هکرها با استفاده از آسیب پذیری با کد شناسایی CVE-2024-4577 و وجود misconfiguration در دسترسی عمومی هکر به فایل php-cgi.exe می توانند دستوراتی را با استفاده از تابع system اجرا نمایند. https://t.co/Poz3aKY03t
@AmirHossein_sec
12 Jan 2025
41 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
cve-2024-4577:BestFit変換に起因する脆弱性が、理解した範囲だとシャレにならなくて震えてる。 たぶん、Windowsの内部処理はUTF-16で行っている。 しかし日本人ユーザーの日本語環境は932コードページ(ansiコードページの一部)な事が多く、そのページにはBestFit変換で文字を変換している。
@cloverfish300
12 Jan 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ちょっと前に出てた Windows 版 PHP の脆弱性も WorstFit が原因だったそうで、水面下で色々修正してもらおうとしてたけど協力が得られなかったので大公開したって感じっぽいな PHPの脆弱性CVE-2024-4577 について https://t.co/qLgEmDw0Dq
@izutorishima
10 Jan 2025
2102 Impressions
10 Retweets
31 Likes
8 Bookmarks
0 Replies
0 Quotes
One challenge on @LetsDefendIO a day, that's the goal moving forward. This challenge focused on CVE-2024-4577 which allows attackers to run arbitrary code on remote PHP servers using argument injection and this occurs when PHP runs in CGI mode. https://t.co/9ND8VAlPiV
@th3Cyb3rW0lf
29 Nov 2024
107 Impressions
0 Retweets
6 Likes
1 Bookmark
2 Replies
0 Quotes
CVE-2024-4577 โหดร้ายทารุณมากครับ
@bodin
24 Nov 2024
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
21 Nov 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-4577 RCE Exploit - Github https://t.co/BMWmfDS7YO
@turne85540
17 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-4577 RCE Exploit; PHP CGI Argument Injection https://t.co/IIl6TILGni
@turne85540
17 Nov 2024
29 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 Written in Python https://t.co/qwuD3y0wgc
@mysticvoyager42
17 Nov 2024
77 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3y0wgc
@mysticvoyager42
17 Nov 2024
75 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3xZYqE
@mysticvoyager42
17 Nov 2024
120 Impressions
0 Retweets
1 Like
1 Bookmark
1 Reply
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3y0wgc
@mysticvoyager42
17 Nov 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3xZYqE
@mysticvoyager42
17 Nov 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3y0wgc
@mysticvoyager42
17 Nov 2024
159 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3xZYqE
@mysticvoyager42
17 Nov 2024
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
(CVE-2024-4577)-1 https://t.co/qwuD3y0wgc
@mysticvoyager42
17 Nov 2024
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Inyección de argumentos CGI en PHP mediante exploit RCE ℹ️ CVE-2024-4577 https://t.co/USHSEQQZ82
@elhackernet
16 Nov 2024
6690 Impressions
25 Retweets
105 Likes
40 Bookmarks
0 Replies
0 Quotes
CVE-2024-4577 : RCE Exploit PHP CGI argument injection This vulnerability was discovered by DEVCORE's Orange Tsai (@orange_8361) (@d3vc0r3). Make sure to follow his outstanding research. Our role is solely to create and develop exploits for this issue. https://t.co/S4zafAPyd5
@freedomhack101
16 Nov 2024
226 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
複数の攻撃者が PHP の欠陥 CVE-2024-4577 を悪用してマルウェアを配信 from https://t.co/yO2wtNGLK9 https://t.co/1mqTwc3ehh
@Banana27710055
31 Oct 2024
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
( CVE-2024-4577 ) Using Burp Suite and Metasploit https://t.co/tsfrW6hwGB #Exploit https://t.co/CFliiQN8cM
@Nxploited
31 Oct 2024
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
RedTail方面メモ(出前館事案) RedTail Cryptominer Threat Actors Adopt PAN-OS CVE-2024-3400 Exploit https://t.co/ErkyV1jm8W CVE-2024-4577 Exploits in the Wild One Day After Disclosure https://t.co/XHZOoQFamF
@taku888infinity
30 Oct 2024
1473 Impressions
7 Retweets
15 Likes
3 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070",
"versionEndExcluding": "8.1.29",
"versionStartIncluding": "8.1.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A39988FF-D854-4277-9D66-6911AF371DD3",
"versionEndExcluding": "8.2.20",
"versionStartIncluding": "8.2.0"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F579FFC1-4F81-4755-B14B-3AA73AC9FF7A",
"versionEndExcluding": "8.3.8",
"versionStartIncluding": "8.3.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
}
]