
CVE-2024-4577 - PHP-CGI OS Command Injection Vulnerability

Project: PHP Group

Product: PHP

Date Added: 2024-06-12

Due Date: 2024-07-03

Vulnerability Name

PHP-CGI OS Command Injection Vulnerability

Description

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Known To Be Used in Ransomware Campaigns?

Known

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#

https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Related News Articles

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (March 19, 2025)

Critical PHP RCE vulnerability mass exploited in new attacks (March 11, 2025)

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (March 11, 2025)

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (March 7, 2025)

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (January 8, 2025)