CVE-2024-4577

🗓️ 11 Jun 2024 14:26:19Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 238 Views

Flaw in PHP-CGI on Windows allows malicious user to reveal source code or run arbitrary cod

Reporter	Title	Published	Views	Family All 185
GithubExploit	Exploit for OS Command Injection in Php	9 Jun 202423:32	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	23 Jun 202505:27	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	7 Jun 202409:42	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	8 Jun 202406:36	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	11 Jun 202415:11	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	14 Oct 202409:11	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	7 Jun 202409:51	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	12 Jun 202411:50	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	6 Jul 202419:37	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	13 Jun 202414:25	–	githubexploit

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-4577
openwall	www.openwall.com/lists/oss-security/2024/06/07/1
arstechnica	www.arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
blog	www.blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
cert	www.cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
devco	www.devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
github	www.github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
labs	www.labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

20 Dec 2024 19:23Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.94374

php windows cgi flaw source code arbitrary code