Known Exploited Vulnerability
9.8
CRITICAL
CVE-2024-4577
PHP-CGI OS Command Injection Vulnerability - [Actively Exploited]
Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

INFO

Published Date :

June 9, 2024, 8:15 p.m.

Last Modified :

Dec. 20, 2024, 6:45 p.m.

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description :

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Required Action :

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Notes :

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Public PoC/Exploit Available at Github

CVE-2024-4577 has a 104 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2024-4577 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Fedoraproject fedora
1 Php php
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-4577.

URL Resource
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List Third Party Advisory
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit Press/Media Coverage Third Party Advisory
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html Third Party Advisory
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately Third Party Advisory
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ Exploit Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577 Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link
https://github.com/rapid7/metasploit-framework/pull/19247 Exploit Issue Tracking Patch
https://github.com/watchtowrlabs/CVE-2024-4577 Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE Exploit Third Party Advisory
https://isc.sans.edu/diary/30994 Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List
https://security.netapp.com/advisory/ntap-20240621-0008/ Third Party Advisory
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29 Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20 Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8 Release Notes
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List Third Party Advisory
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit Press/Media Coverage Third Party Advisory
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html Third Party Advisory
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately Third Party Advisory
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ Exploit Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577 Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/19247 Exploit Issue Tracking Patch
https://github.com/watchtowrlabs/CVE-2024-4577 Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE Exploit Third Party Advisory
https://isc.sans.edu/diary/30994 Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ Exploit Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List
https://security.netapp.com/advisory/ntap-20240621-0008/ Third Party Advisory
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29 Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20 Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8 Release Notes
https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 Exploit Third Party Advisory
https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 Exploit Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Updated: 3 days, 1 hour ago
0 stars 0 fork 0 watcher
Born at : Dec. 19, 2024, 1:46 a.m. This repo has been linked 123 different CVEs too.

oscp notes

Updated: 3 days, 12 hours ago
0 stars 0 fork 0 watcher
Born at : Dec. 9, 2024, 6:26 p.m. This repo has been linked 66 different CVEs too.

A curated collection of Proof of Concept (PoC) tools, scripts, and techniques designed for red team operations, penetration testing, and cybersecurity research. This repository focuses on providing practical resources for exploring vulnerabilities

attack cybersecurity exp hw penetration-testing poc red-team security-tools vulnerability-poc

Updated: 2 weeks, 3 days ago
1 stars 2 fork 2 watcher
Born at : Nov. 17, 2024, 11:53 a.m. This repo has been linked 414 different CVEs too.

CVE-2024-4577 RCE PoC

Python

Updated: 2 weeks, 2 days ago
16 stars 2 fork 2 watcher
Born at : Nov. 6, 2024, 5:30 a.m. This repo has been linked 2 different CVEs too.

None

PowerShell

Updated: 1 month, 2 weeks ago
0 stars 0 fork 0 watcher
Born at : Nov. 3, 2024, 3:42 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 1 month, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Oct. 28, 2024, 9:10 p.m. This repo has been linked 1 different CVEs too.

None

Python

Updated: 1 month, 2 weeks ago
3 stars 1 fork 1 watcher
Born at : Oct. 14, 2024, 9:11 a.m. This repo has been linked 1 different CVEs too.

This repository is designed to provide a comprehensive collection of study materials, notes, and resources for the Offensive Security Certified Professional (OSCP) exam. It covers all key topics from basic to advanced, helping aspiring penetration testers to prepare efficiently for the exam.

cybersecurity hacking oscp oscp-guide oscp-journey oscp-prep

Updated: 1 month, 3 weeks ago
2 stars 0 fork 0 watcher
Born at : Oct. 4, 2024, 4:43 p.m. This repo has been linked 75 different CVEs too.

A Bash script designed to scan multiple domains for the CVE-2024-4577 vulnerability in PHP-CGI.

Shell

Updated: 1 month, 1 week ago
2 stars 0 fork 0 watcher
Born at : Oct. 4, 2024, 1:10 p.m. This repo has been linked 1 different CVEs too.

None

Python C Shell PHP PowerShell ASP.NET

Updated: 2 months ago
0 stars 0 fork 0 watcher
Born at : Oct. 1, 2024, 2:21 p.m. This repo has been linked 66 different CVEs too.

TISC 2024 writeup

Updated: 2 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Oct. 1, 2024, 11:27 a.m. This repo has been linked 1 different CVEs too.

This project is about setting up a Metasploitable 2 virtual machine and a Kali Linux virtual machine in VirtualBox. Then doing some basic hacks on the Metasploitable VM. Then doing a Nessus scan to create a vulnerability report.

Updated: 2 months, 3 weeks ago
0 stars 0 fork 0 watcher
Born at : Sept. 23, 2024, 6:10 a.m. This repo has been linked 1 different CVEs too.

这是一个每天同步Vulnerability-Wiki中docs-base中内容的项目

HTML

Updated: 1 month, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 20, 2024, 3:27 a.m. This repo has been linked 210 different CVEs too.

None

Python

Updated: 3 months ago
2 stars 1 fork 1 watcher
Born at : Sept. 12, 2024, 7:27 p.m. This repo has been linked 1 different CVEs too.

🚨 New Incident Report Completed! 🚨 Just wrapped up "Event ID 268: SOC292 - Possible PHP Injection Detected (CVE-2024-4577)" on LetsDefend.io. This analysis involved investigating an attempted Command Injection targeting our PHP server. Staying ahead of these threats with continuous monitoring and swift containment! 🛡️

Updated: 3 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Sept. 12, 2024, 7:10 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-4577 vulnerability anywhere in the article.

  • The Cyber Express
December 2024 Cyble Report: Malware, Phishing, and IoT Vulnerabilities on the Rise

The latest Sensor Intelligence Report from Cyble, dated December 4–10, 2024, sheds light on a troubling increase in cyber threats, including malware intrusions, phishing scams, and attacks targeting v ... Read more

Published Date: Dec 16, 2024 (5 days, 18 hours ago)
  • Cybersecurity News
PoC Exploit Code Releases Cleo Zero-Day Vulnerability (CVE-2024-50623)

Organizations using Cleo file transfer software are urged to take immediate action as a critical vulnerability, CVE-2024-50623, is being actively exploited in the wild. This zero-day flaw affects Cleo ... Read more

Published Date: Dec 12, 2024 (1 week, 3 days ago)
  • The Hacker News
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services

IoT Security / Vulnerability The threat actors behind the AndroxGh0st malware are now exploiting a broader set of security flaws impacting various internet-facing applications, while also deploying th ... Read more

Published Date: Nov 08, 2024 (1 month, 1 week ago)
  • The Cyber Express
Cyble Sensors Uncover Cyberattacks on Java Framework and IoT Devices

Cyble vulnerability intelligence unit has shared a report, detailing the recent cyberattacks on the Spring Java framework and hundreds of thousands of Internet of Things (IoT) devices. The report shed ... Read more

Published Date: Oct 23, 2024 (1 month, 4 weeks ago)
  • The Cyber Express
Progress Telerik, Cisco, QNAP and Linux Under Attack: Cyble Honeypot Sensors

Cyble’s Vulnerability Intelligence unit has detected cyberattacks on several key IT products and systems, as threat actors have been quick to exploit vulnerabilities and enterprises slow to patch them ... Read more

Published Date: Oct 08, 2024 (2 months, 1 week ago)
  • Cybersecurity News
LemonDuck Exploits EternalBlue Vulnerability for Cryptomining Attacks

A recent report from security researchers at Aufa and NetbyteSEC Interns sheds light on the resurgence of the LemonDuck malware, which is now exploiting the EternalBlue vulnerability (CVE-2017-0144) i ... Read more

Published Date: Oct 08, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Linux Servers Under Siege: “Perfctl” Malware Evades Detection for Years

The entire attack flow | Image: Aqua NautilusIn a recent report by Aqua Nautilus researchers Assaf Morag and Idan Revivo, the Linux server community has been alerted to the presence of a particularly ... Read more

Published Date: Oct 03, 2024 (2 months, 2 weeks ago)
  • Cybersecurity News
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates

The PHP project has recently released a security advisory, addressing several vulnerabilities affecting various versions of PHP. These vulnerabilities range from potential log tampering to arbitrary f ... Read more

Published Date: Sep 30, 2024 (2 months, 3 weeks ago)
  • Cybersecurity News
Cyberattack on Delta Prime: Losses Soar to $6M

The Delta Prime platform fell victim to a cyberattack resulting in the theft of cryptocurrency worth approximately $6 million. Initially, losses were reported at around $4.5 million, but the damage la ... Read more

Published Date: Sep 18, 2024 (3 months ago)
  • The Cyber Express
U.S. Intelligence Agencies Say Chinese Botnet Compromised 260,000 Devices

U.S. intelligence agencies issued a warning today about a Chinese botnet that has compromised 260,000 devices around the globe, including small office/home office (SOHO) routers, firewalls, network-at ... Read more

Published Date: Sep 18, 2024 (3 months ago)
  • Cybersecurity News
166k+ Projects at Risk: AutoGPT’s Critical Vulnerability Explained – CVE-2024-6091 (CVSS 9.8)

A significant security vulnerability has been discovered in AutoGPT, a powerful AI tool designed to automate tasks through intelligent agents. With over 166k stars on GitHub, AutoGPT has gained popula ... Read more

Published Date: Sep 17, 2024 (3 months ago)
  • Cybersecurity News
PAN-OS Vulnerabilities: Command Injection (CVE-2024-8686) and GlobalProtect Exposure (CVE-2024-8687)

Palo Alto Networks, a leading cybersecurity solutions provider, has recently released a critical security advisory, urging its customers to take immediate action to address several vulnerabilities dis ... Read more

Published Date: Sep 12, 2024 (3 months, 1 week ago)
  • Cybersecurity News
CVE-2024-42500 (CVSS 9.3): Critical HPE HP-UX Vulnerability Demands Immediate Action

A critical vulnerability has been discovered in HPE HP-UX’s Network File System (NFSv4), leaving systems open to potential denial-of-service (DoS) attacks. This vulnerability, tracked as CVE-2024-4250 ... Read more

Published Date: Sep 11, 2024 (3 months, 1 week ago)
  • Cybersecurity News
CVE-2024-20017 (CVSS 9.8): Zero-Click Exploit Discovered in Popular Wi-Fi Chipsets, PoC Published

Image: HyprdudeSecurity researcher Hyprdude has published detailed information and a proof-of-concept (PoC) exploit for a critical vulnerability identified as CVE-2024-20017. With a CVSS score of 9.8, ... Read more

Published Date: Sep 05, 2024 (3 months, 2 weeks ago)
  • Kaspersky
IT threat evolution in Q2 2024. Non-mobile statistics

The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q2 2024: Kaspersk ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • Cybersecurity News
CVE-2024-7261 (CVSS 9.8): Zyxel Patches Critical Vulnerability in Wi-Fi Devices

Zyxel, a prominent networking equipment manufacturer, has issued a security advisory urging users to promptly update their firmware to address a critical vulnerability affecting a range of their acces ... Read more

Published Date: Sep 03, 2024 (3 months, 2 weeks ago)
  • Dark Reading
Taiwan University Under Fire From Unique DLL Backdoor

Source: James Stone via Alamy Stock PhotoA never-before-seen backdoor, dubbed Msupedge, is targeting victims in Taiwan, using a unique communications technique.After Symantec researchers caught the ma ... Read more

Published Date: Aug 21, 2024 (4 months ago)
  • Kaspersky
Exploits and vulnerabilities in Q2 2024

Q2 2024 was eventful in terms of new interesting vulnerabilities and exploitation techniques for applications and operating systems. Attacks through vulnerable drivers have become prevalent as a gener ... Read more

Published Date: Aug 21, 2024 (4 months ago)
  • BleepingComputer
Hackers use PHP exploit to backdoor Windows systems with new malware

Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability ... Read more

Published Date: Aug 20, 2024 (4 months ago)
  • The Hacker News
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor

Vulnerability / Threat Intelligence A previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan. "The most notable feature of ... Read more

Published Date: Aug 20, 2024 (4 months ago)
  • Cybersecurity News
Unseen Msupedge Malware Exploits PHP Flaw CVE-2024-4577 in Taiwanese University Cyberattack

A new and sophisticated backdoor, dubbed Backdoor.Msupedge, has been identified in a recent cyberattack targeting a university in Taiwan. Symantec’s security researchers have uncovered this previously ... Read more

Published Date: Aug 20, 2024 (4 months ago)
  • Cybersecurity News
CVE-2024-38200: Zero-Day Vulnerability in Microsoft Office: A Call for Urgent Action

In a recent advisory published on August 8th, Microsoft disclosed a high-severity zero-day vulnerability affecting multiple versions of its Office software suite. The vulnerability tracked as CVE-2024 ... Read more

Published Date: Aug 11, 2024 (4 months, 1 week ago)
  • Cybersecurity News
MongoDB Patches High-Severity Windows Vulnerability (CVE-2024-7553) in Multiple Products

MongoDB, the popular NoSQL database provider, announced the patching of a high-severity vulnerability affecting multiple versions of its server and driver products. The flaw, tracked as CVE-2024-7553 ... Read more

Published Date: Aug 09, 2024 (4 months, 1 week ago)
  • New Jetpack Site
Vulnerabilità critica in PHP sfruttata in the wild

PROTO: N240619 CERT-Yoroi informa che è stata resa nota una vulnerabilità critica sul linguaggio di programmazione PHP che consente ad utenti malintenzionati di eseguire del codice da remoto arbitrari ... Read more

Published Date: Jun 19, 2024 (6 months ago)
  • malware-traffic-analysis.net
2024-06-11 - Traffic example of a CVE-2024-4577 probe

NOTES: I saw a single hit from 221.122.67[.]75 for a CVE-2024-4577 probe on an Ubuntu Apache web server I am running. I sanitized the pcap of this example, changing the associated MAC addresses and al ... Read more

Published Date: Jun 13, 2024 (6 months, 1 week ago)

The following table lists the changes that have been made to the CVE-2024-4577 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Dec. 20, 2024

    Action Type Old Value New Value
    Changed CPE Configuration OR *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 8.1.29 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.20 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.8 OR *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.1.0 up to (excluding) 8.1.29 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.20 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.8
    Changed Reference Type http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List, Release Notes http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List, Third Party Advisory
    Changed Reference Type http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List, Release Notes http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List, Third Party Advisory
    Changed Reference Type https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Exploit, Third Party Advisory
    Changed Reference Type https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Exploit, Third Party Advisory
    Changed Reference Type https://github.com/rapid7/metasploit-framework/pull/19247 Exploit, Issue Tracking https://github.com/rapid7/metasploit-framework/pull/19247 Exploit, Issue Tracking, Patch
    Changed Reference Type https://github.com/rapid7/metasploit-framework/pull/19247 Exploit, Issue Tracking https://github.com/rapid7/metasploit-framework/pull/19247 Exploit, Issue Tracking, Patch
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List, Third Party Advisory https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List
    Changed Reference Type https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 No Types Assigned https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 Exploit, Third Party Advisory
    Changed Reference Type https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 No Types Assigned https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 Exploit, Third Party Advisory
  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference http://www.openwall.com/lists/oss-security/2024/06/07/1
    Added Reference https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
    Added Reference https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
    Added Reference https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
    Added Reference https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
    Added Reference https://github.com/11whoami99/CVE-2024-4577
    Added Reference https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
    Added Reference https://github.com/rapid7/metasploit-framework/pull/19247
    Added Reference https://github.com/watchtowrlabs/CVE-2024-4577
    Added Reference https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
    Added Reference https://isc.sans.edu/diary/30994
    Added Reference https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
    Added Reference https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
    Added Reference https://security.netapp.com/advisory/ntap-20240621-0008/
    Added Reference https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
    Added Reference https://www.php.net/ChangeLog-8.php#8.1.29
    Added Reference https://www.php.net/ChangeLog-8.php#8.2.20
    Added Reference https://www.php.net/ChangeLog-8.php#8.3.8
    Added Reference https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577
    Added Reference https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577
  • Modified Analysis by [email protected]

    Aug. 14, 2024

    Action Type Old Value New Value
    Changed Reference Type https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit, Third Party Advisory https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit, Press/Media Coverage, Third Party Advisory
    Changed Reference Type https://github.com/rapid7/metasploit-framework/pull/19247 Exploit https://github.com/rapid7/metasploit-framework/pull/19247 Exploit, Issue Tracking
    Changed Reference Type https://security.netapp.com/advisory/ntap-20240621-0008/ No Types Assigned https://security.netapp.com/advisory/ntap-20240621-0008/ Third Party Advisory
  • CVE Modified by [email protected]

    Jun. 21, 2024

    Action Type Old Value New Value
    Added Reference PHP Group https://security.netapp.com/advisory/ntap-20240621-0008/ [No types assigned]
  • Modified Analysis by [email protected]

    Jun. 21, 2024

    Action Type Old Value New Value
    Changed Reference Type http://www.openwall.com/lists/oss-security/2024/06/07/1 No Types Assigned http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List, Release Notes
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ Mailing List, Third Party Advisory
    Changed Reference Type https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ No Types Assigned https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ Mailing List, Third Party Advisory
    Added CPE Configuration OR *cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* *cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
  • CVE Modified by [email protected]

    Jun. 13, 2024

    Action Type Old Value New Value
    Added Reference PHP Group https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ [No types assigned]
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Jun. 13, 2024

    Action Type Old Value New Value
    Added Date Added 2024-06-12
    Added Vulnerability Name PHP-CGI OS Command Injection Vulnerability
    Added Due Date 2024-07-03
    Added Required Action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • CVE Modified by [email protected]

    Jun. 12, 2024

    Action Type Old Value New Value
    Added Reference PHP Group https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ [No types assigned]
  • CVE Modified by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Added Reference PHP Group http://www.openwall.com/lists/oss-security/2024/06/07/1 [No types assigned]
  • CVE Modified by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ No Types Assigned https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ Exploit, Third Party Advisory
    Changed Reference Type https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html No Types Assigned https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html Third Party Advisory
    Changed Reference Type https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately No Types Assigned https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately Third Party Advisory
    Changed Reference Type https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ No Types Assigned https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ Exploit, Third Party Advisory
    Changed Reference Type https://github.com/11whoami99/CVE-2024-4577 No Types Assigned https://github.com/11whoami99/CVE-2024-4577 Exploit
    Changed Reference Type https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv No Types Assigned https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Broken Link
    Changed Reference Type https://github.com/rapid7/metasploit-framework/pull/19247 No Types Assigned https://github.com/rapid7/metasploit-framework/pull/19247 Exploit
    Changed Reference Type https://github.com/watchtowrlabs/CVE-2024-4577 No Types Assigned https://github.com/watchtowrlabs/CVE-2024-4577 Exploit, Third Party Advisory
    Changed Reference Type https://github.com/xcanwin/CVE-2024-4577-PHP-RCE No Types Assigned https://github.com/xcanwin/CVE-2024-4577-PHP-RCE Exploit, Third Party Advisory
    Changed Reference Type https://isc.sans.edu/diary/30994 No Types Assigned https://isc.sans.edu/diary/30994 Exploit, Third Party Advisory
    Changed Reference Type https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ No Types Assigned https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ Exploit, Third Party Advisory
    Changed Reference Type https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ No Types Assigned https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ Third Party Advisory
    Changed Reference Type https://www.php.net/ChangeLog-8.php#8.1.29 No Types Assigned https://www.php.net/ChangeLog-8.php#8.1.29 Release Notes
    Changed Reference Type https://www.php.net/ChangeLog-8.php#8.2.20 No Types Assigned https://www.php.net/ChangeLog-8.php#8.2.20 Release Notes
    Changed Reference Type https://www.php.net/ChangeLog-8.php#8.3.8 No Types Assigned https://www.php.net/ChangeLog-8.php#8.3.8 Release Notes
    Added CWE NIST CWE-78
    Added CPE Configuration OR *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 5.0.0 up to (excluding) 8.1.29 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.2.0 up to (excluding) 8.2.20 *cpe:2.3:a:php:php:*:*:*:*:*:*:*:* versions from (including) 8.3.0 up to (excluding) 8.3.8
  • CVE Modified by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Added Reference PHP Group https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately [No types assigned]
    Added Reference PHP Group https://isc.sans.edu/diary/30994 [No types assigned]
  • CVE Modified by [email protected]

    Jun. 10, 2024

    Action Type Old Value New Value
    Added Reference PHP Group https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html [No types assigned]
    Added Reference PHP Group https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ [No types assigned]
    Added Reference PHP Group https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ [No types assigned]
    Added Reference PHP Group https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ [No types assigned]
    Added Reference PHP Group https://github.com/11whoami99/CVE-2024-4577 [No types assigned]
    Added Reference PHP Group https://github.com/xcanwin/CVE-2024-4577-PHP-RCE [No types assigned]
    Added Reference PHP Group https://github.com/rapid7/metasploit-framework/pull/19247 [No types assigned]
    Added Reference PHP Group https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ [No types assigned]
    Added Reference PHP Group https://github.com/watchtowrlabs/CVE-2024-4577 [No types assigned]
    Added Reference PHP Group https://www.php.net/ChangeLog-8.php#8.1.29 [No types assigned]
    Added Reference PHP Group https://www.php.net/ChangeLog-8.php#8.2.20 [No types assigned]
    Added Reference PHP Group https://www.php.net/ChangeLog-8.php#8.3.8 [No types assigned]
  • CVE Received by [email protected]

    Jun. 09, 2024

    Action Type Old Value New Value
    Added Description In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
    Added Reference PHP Group https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv [No types assigned]
    Added CWE PHP Group CWE-78
    Added CVSS V3.1 PHP Group AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-4577 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability