OS Command Injection

php81 is vulnerable to OS Command Injection. The vulnerability is due to misinterpretation of characters in the command line by the PHP CGI module when using certain code pages on Windows. This may allow a malicious user to pass options to the PHP binary, potentially revealing source code, runnin...

Exploit for OS Command Injection in Php

PHP CGI argument injection to RCE CVE-2024-4577 - exploit co...

VulnCheck KEV: CVE-2023-7308

SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...

PHP CGI Argument Injection Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PHP CGI Argument Injection Remote Code Execution', 'Description' = %q This module exploits a PHP CGI argument injection vulnerability affecting P...

PHP CGI Argument Injection Remote Code Execution

This module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant such as Chinese or Japanese, such that the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen 0xAD in...

OPENSUSE-SU-2024:10545-1 perl-CGI-Simple-1.115-1.4 on GA media

These are all security issues fixed in the perl-CGI-Simple-1.115-1.4 package on the GA media of openSUSE Tumbleweed...

PHP CGI Argument Injection Remote Code Execution

PHP versions 5.0.0 8.1.29, 8.2.x 8.2.20, 8.3.x 8.3.8 is affected by a vulnerability allowing an unauthenticated attacker to execute remote code via a specially forged request only when PHP is installed with Apache2 and PHP-CGI on Windows with certain languages code pages. No source data...

PHP < 8.3.8 - Unauthenticated Remote Code Execution (Windows) Exploit

This Metasploit module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant such as Chinese or Japanese, such that the Unicode best-fit conversion scheme will unexpectedly convert a soft...

[SECURITY] Fedora 39 Update: php-8.2.20-1.fc39

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

Fedora 39 : php (2024-52c23ef1ec)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-52c23ef1ec advisory. PHP version 8.2.20 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...

PHP-CGI Argument Injection CVE-2024-4577 (Direct Check)

Binary data phpargumentinjectioncve-2024-4577.nbin...

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4610 ARM Mali GPU Kernel Driver Use-After-Free Vulnerability CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability These types of vulnerabilities are freque...

Exploit for OS Command Injection in Php

This YAML file is specifically designed for php-CGI vulnerabil...

[SECURITY] Fedora 40 Update: php-8.3.8-1.fc40

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823...

Fedora 40 : php (2024-49aba7b305)

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-49aba7b305 advisory. PHP version 8.3.8 06 Jun 2024 CGI: Fixed buffer limit on Windows, replacing read call usage by read. David Carlier Fixed bug GHSA-3qgc-jrrr-25jv...

Fedora: Security Advisory (FEDORA-2024-49aba7b305)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-4577

A flaw was found in PHP versions 8.1 before 8.1.29, 8.2 before 8.2.20, and 8.3 before 8.3.8. When using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use the "Best-Fit" behavior to replace characters in the command line given to Win32 API functions...

Enjin: Cloudflare /cdn-cgi/ path allows resizing images from unauthorised sources on enjinusercontent.com

The Cloudflare /cdn-cgi/ path on enjinusercontent.com was discovered to allow resizing and rendering of images from unauthorized sources without restriction. This behavior could have led to HTML injection, SSRF, and portal scanning attacks, as well as the unrestricted display of external resource...

ALSA-2024:3838 Moderate: ruby security update

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. The following packages have been upgraded to a later upstream version: ruby 3.0. AlmaLinux-35740 Security Fixes: ruby/cgi-gem: HTTP response...