CVE-2024-4577
Critical Severity
Php
Php
SVRS
99/100
CVSSv3
9.8/10
EPSS
0.94376/1
CVE-2024-4577: A critical PHP vulnerability affecting Windows systems using Apache and PHP-CGI. This flaw, present in PHP versions before 8.1.29, 8.2.20, and 8.3.8, allows attackers to exploit "Best-Fit" character conversion in Windows command lines. The high SVRS score of 99 indicates immediate action is required. Attackers can inject malicious PHP options, potentially revealing source code or executing arbitrary code on the server. With active exploits available and inclusion in the CISA KEV catalog, CVE-2024-4577 poses a significant risk. This vulnerability allows for serious security breaches, demanding prompt patching and mitigation. The vulnerability is associated with a known ransomware campaign use.
TAGS
In The Wild
Exploit Avaliable
CISA KEV
Known Ransomware Campaign Use
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-06-09
LAST MODIFIED2025-03-28
SOCRadar
AI Insight
Description
CVE-2024-4577 is a critical vulnerability in PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, and 8.3.* before 8.3.8. It allows malicious users to pass options to the PHP binary being run, potentially revealing the source code of scripts or executing arbitrary PHP code on the server. The vulnerability has a CVSS score of 9.8 and an SVRS of 99, indicating its severe impact and urgency.
Key Insights
- Active Exploits: Active exploits have been published, making it imperative for organizations to patch their systems immediately.
- CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, urging organizations to take immediate action to mitigate the vulnerability.
- In the Wild: The vulnerability is actively exploited by hackers, highlighting the need for prompt remediation.
- Threat Actors: Known ransomware campaigns are exploiting this vulnerability, increasing the risk of data breaches and financial losses.
Mitigation Strategies
- Apply Patches: Install the latest security patches from PHP as soon as possible.
- Disable PHP-CGI: If possible, disable the PHP-CGI module on Windows systems to prevent exploitation.
- Restrict Access: Limit access to the PHP binary and ensure that only authorized users can execute PHP scripts.
- Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests and protect against exploitation attempts.
Additional Information
If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.
Indicators of Compromise
No IOCs found for this CVE
Exploits
| Title | Software Link | Date |
|---|---|---|
| cybersagor/CVE-2024-4577 | https://github.com/cybersagor/CVE-2024-4577 | 2024-07-05 |
| dbyMelina/CVE-2024-4577 | https://github.com/dbyMelina/CVE-2024-4577 | 2024-06-09 |
| BTtea/CVE-2024-4577-RCE-PoC | https://github.com/BTtea/CVE-2024-4577-RCE-PoC | 2024-11-06 |
| PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows) | 2024-06-14 | |
| PHP-CGI OS Command Injection Vulnerability | https://www.cisa.gov/search?g=CVE-2024-4577 | 2024-06-12 |
| VictorShem/CVE-2024-4577 | https://github.com/VictorShem/CVE-2024-4577 | 2024-06-17 |
| watchtowrlabs/CVE-2024-4577 | https://github.com/watchtowrlabs/CVE-2024-4577 | 2024-06-07 |
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs
News
CVE-2024-4577 Exploits in the Wild One Day After Disclosure
Kyle Lefton, Allen West & Sam Tinklenberg2025-04-01
CVE-2024-4577 Exploits in the Wild One Day After Disclosure | Akamai researchers have observed numerous exploit attempts for the PHP vulnerability CVE-2024-4577 as early as one day after disclosure.
feedburner.com
rss
forum
news
ISC StormCast for Monday, June 10th, 2024
Dr. Johannes B. Ullrich2024-06-10
ISC StormCast for Monday, June 10th, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. PHP Vulnerablity Exploited; PyTorch RPC Vulnerability; Malicious VSCode ExtensionsPHP Unicode Remote Code Execution Exploit https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ PyTorch Distributed RPC Framework Remote Code Execution https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3 https://www.cve.org/CVERecord?id=CVE-2024-5480 Malicious VSCode Extensions Used by
sans.edu
rss
forum
news
ISC StormCast for Wednesday, August 21st, 2024
Dr. Johannes B. Ullrich2024-08-21
ISC StormCast for Wednesday, August 21st, 2024 | Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. MSFT IPv6 Vuln Update; MSFT August update and Linux boot issues; php cgi-bin exploited; f5 updatesWhere are we with CVE-2024-38063: Microsoft IPv6 Vulnerability https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186 Microsoft August Update Prevents Linux from Booting https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354 PHP CGI Vulnerability Exploited CVE-2024-4577 <a href="https://symantec-enterprise-blogs.security.com
sans.edu
rss
forum
news
Vulnerabilità critica in PHP sfruttata in the wild
certyoroi2025-04-01
Vulnerabilità critica in PHP sfruttata in the wild | PROTO: N240619 CERT-Yoroi informa che è stata resa nota una vulnerabilità critica sul linguaggio di programmazione PHP che consente ad utenti malintenzionati di eseguire del codice da remoto arbitrario sui sistemi target. Tale vulnerabilità, nota con l’identificativo CVE-2024-4577, è causata da una falla che interessa la feature “Best-Fit”, adibita per la conversione della codifica dei […]PROTO: N240619 CERT-Yoroi informa che è stata resa nota una vulnerabilità critica sul linguaggio di
yoroi.company
rss
forum
news
Sicherheitslücke (CVE-2024-4577) für Remote-Code Ausführung in PHP-CGI / XAMPP entdeckt
CERT.at2025-04-01
Sicherheitslücke (CVE-2024-4577) für Remote-Code Ausführung in PHP-CGI / XAMPP entdeckt | Update: 7. Juni 16:10: Es liegen uns erste Berichte vor, nach denen bereits nach verwundbaren Systemen gescannt wird. In PHP-CGI wurde eine Sicherheitslücke (CVE-2024-4577) entdeckt, die es Angreifern ermöglicht, aus der Ferne und ohne
cve-2024-4577
cve-2012-1823
php
windows
Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini2025-03-23
Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION | A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to […] A new round of the weekly SecurityAffairs newsletter
securityaffairs.co
rss
forum
news
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38
Pierluigi Paganini2025-03-23
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38 | Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes  ClearFake’s New Widespread Variant: Increased Web3 […] Security Affairs Malware newsletter includes a collection of the best
securityaffairs.co
rss
forum
news
Social Media
Bryce Kunz
@TweekFawkes
Cybercriminals are now officially pathetic.
They're exploiting a PHP vuln (CVE-2024-4577) and then... fighting EACH OTHER over the compromised servers. 🤦♂️
Using the *same vulnerability* to try and block *rival hackers'* IPs.
This isn't sophisticated cyber warfare. It's idiots https://t.co/U48aIeBchF
0
0
0
Threat Intelligence
@threatintel
#ThreatProtection #CVE-2024-4577 makes a return in recent #malware campaigns. Read more: https://t.co/u2qG0kCBp1 #PHP #vulnerability https://t.co/IGG6YS6CAK
0
0
2
Trellix Advanced Research Center
@TrellixARC
3️⃣ Mass Exploitation Of PHP CGI Vulnerability (CVE-2024-4577)
Threat level: Medium 🟧
CVE-2024-4577, a critical PHP vulnerability affecting Windows CGI implementations, has been under active exploitation since June 2024.
1
0
0
DeepFlow
@DeepFlowcc
Hackers are exploiting a PHP flaw (CVE-2024-4577) to drop crypto miners & RATs like Quasar! Taiwan, HK, Brazil top targets. Some even block rival hackers—talk about cyber turf wars! Patch PHP now & restrict PowerShell. #CyberSecurity #Hacking #Crypto #ThreatIntel
0
0
0
Hunt.io
@Huntio
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners 🚩
https://t.co/kynTNvXZlz
A critical vulnerability in #PHP (CVE-2024-4577) allows attackers to execute arbitrary code on Windows-based systems, leading to the deployment of #QuasarRAT and #XMRig miners.
0
0
0
Sami Laiho
@samilaiho
Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows - Greenbone https://t.co/w9r1vBu6tg
0
0
0
ProPakistani
@ProPakistaniPK
The National Computer Emergency Response Team (NCERT) has issued an advisory regarding a critical PHP vulnerability, tracked as CVE-2024-4577, which threatens Windows-based systems running in CGI mode.
Read More: https://t.co/DnPLof0pwG https://t.co/Rd1hy5BVIe
0
0
0
Cybersecurity News Everyday
@TweetThreatNews
🚨 Alert: CVE-2024-4577 vulnerability in PHP allows remote code execution on Windows systems. Exploitation spikes in Taiwan & Hong Kong. Beware of cryptojacking and malware! #PHPvulnerability #Taiwan #MalwareThreats
link: https://t.co/x95YiUN8LZ https://t.co/nshsFAXd9h
0
0
0
MainNerve LLC
@MainNerve
A critical vulnerability (CVE-2024-4577) affecting PHP installations on Windows systems is being widely exploited. Initially disclosed in June 2024, this flaw allows remote code execution.
#CyberSecurity #PHPVulnerability #CVE20244577 #PatchNow https://t.co/xXbnPzEyQQ
0
0
0
Bryce Kunz
@TweekFawkes
Urgent Security Alert: Critical PHP flaw under mass exploitation! 🚨
Hackers are actively exploiting CVE-2024-4577 to hijack Windows servers for cryptojacking and more.
https://t.co/3uG3OW5l2p https://t.co/Dpr6QPawxV
0
0
0
Affected Software
Configuration 1
| Type | Vendor | Product | |
|---|---|---|---|
| App | Php | php |
Configuration 2
| Type | Vendor | Product | |
|---|---|---|---|
| OS | Fedoraproject | fedora |
References
| Reference | Link |
|---|---|
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| [email protected] | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/11whoami99/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/rapid7/metasploit-framework/pull/19247 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/watchtowrlabs/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://isc.sans.edu/diary/30994 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.1.29 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.2.20 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.3.8 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| [email protected] | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://blog.talosintelligence.com/new-persistent-attacks-japan/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/11whoami99/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/rapid7/metasploit-framework/pull/19247 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/watchtowrlabs/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://isc.sans.edu/diary/30994 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.1.29 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.2.20 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.3.8 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| [email protected] | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
| GITHUB | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| GITHUB | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| GITHUB | https://github.com/11whoami99/CVE-2024-4577 |
| GITHUB | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| GITHUB | https://github.com/watchtowrlabs/CVE-2024-4577 |
| GITHUB | https://isc.sans.edu/diary/30994 |
| GITHUB | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://blog.talosintelligence.com/new-persistent-attacks-japan/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/11whoami99/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/rapid7/metasploit-framework/pull/19247 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/watchtowrlabs/CVE-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://isc.sans.edu/diary/30994 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.1.29 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.2.20 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.php.net/ChangeLog-8.php#8.3.8 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577 |
| AF854A3A-2127-422B-91AE-364DA2661108 | https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577 |
| [email protected] | http://www.openwall.com/lists/oss-security/2024/06/07/1 |
| [email protected] | https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ |
| [email protected] | https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html |
| [email protected] | https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately |
| [email protected] | https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ |
| [email protected] | https://github.com/11whoami99/CVE-2024-4577 |
| [email protected] | https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv |
| [email protected] | https://github.com/rapid7/metasploit-framework/pull/19247 |
| [email protected] | https://github.com/watchtowrlabs/CVE-2024-4577 |
| [email protected] | https://github.com/xcanwin/CVE-2024-4577-PHP-RCE |
| [email protected] | https://isc.sans.edu/diary/30994 |
| [email protected] | https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ |
| [email protected] | https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ |
| [email protected] | https://security.netapp.com/advisory/ntap-20240621-0008/ |
| [email protected] | https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.1.29 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.2.20 |
| [email protected] | https://www.php.net/ChangeLog-8.php#8.3.8 |
CWE Details
| CWE ID | CWE Name | Description |
|---|---|---|
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
CVE Radar
Real-time CVE Intelligence & Vulnerability Management Platform
CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.
Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence