CVE-2024-4577 - PHP-CGI OS Command Injection Vulnerability

CVE-2024-4577: PHP Group | PHP

Date Added:
2024-06-12

Due Date:
2024-07-03

Vulnerability Name: PHP-CGI OS Command Injection Vulnerability

Description: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Known To Be Used in Ransomware Campaigns?: Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Related News Articles

Hackers use PHP exploit to backdoor Windows systems with new malwareAugust 21, 2024

Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge BackdoorAugust 20, 2024

PHP Vulnerability Exploited to Spread Malware and Launch DDoS AttacksJuly 11, 2024

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)June 13, 2024

TellYouThePass ransomware exploits recent PHP RCE flaw to breach serversJune 11, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard