Vulnerability-Lookup

CVE-2024-4577 (GCVE-0-2024-4577)

Vulnerability from cvelistv5 – Published: 2024-06-09 19:42 – Updated: 2025-10-21 23:05

CISA KEV

Title

Argument Injection in PHP-CGI

Summary

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: active Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Assigner

php

References

23 references

URL	Tags
https://github.com/php/php-src/security/advisorie…
https://blog.orange.tw/2024/06/cve-2024-4577-yet-…
https://devco.re/blog/2024/06/06/security-alert-c…
https://arstechnica.com/security/2024/06/php-vuln…
https://www.imperva.com/blog/imperva-protects-aga…
https://github.com/11whoami99/CVE-2024-4577
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
https://github.com/rapid7/metasploit-framework/pu…
https://labs.watchtowr.com/no-way-php-strikes-aga…
https://github.com/watchtowrlabs/CVE-2024-4577
https://www.php.net/ChangeLog-8.php#8.1.29
https://www.php.net/ChangeLog-8.php#8.2.20
https://www.php.net/ChangeLog-8.php#8.3.8
https://cert.be/en/advisory/warning-php-remote-co…
https://isc.sans.edu/diary/30994
http://www.openwall.com/lists/oss-security/2024/06/07/1
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://security.netapp.com/advisory/ntap-2024062…
https://www.cisa.gov/known-exploited-vulnerabilit…	government-resource
https://www.vicarius.io/vsociety/posts/php-cgi-os…
https://www.vicarius.io/vsociety/posts/php-cgi-ar…
https://blog.talosintelligence.com/new-persistent…

Impacted products

4 products

Vendor	Product	Version
PHP Group	PHP	Affected: 8.1.* , < 8.1.29 (semver) Affected: 8.2.* , < 8.2.20 (semver) Affected: 8.3.* , < 8.3.8 (semver)
php_group	php	Affected: 8.1.0 , < 8.1.29 (custom) cpe:2.3:a:php_group:php:8.1.0:::::::*
php_group	php	Affected: 8.2.0 , < 8.2.20 (custom) cpe:2.3:a:php_group:php:8.2.0:::::::*
php_group	php	Affected: 8.3.0 , < 8.3.8 (custom) cpe:2.3:a:php_group:php:8.3.0:::::::*

Date Public

2024-06-09 19:30

Credits

Orange Tsai, DEVCORE Research Team

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 9b9508b7-8e04-4693-910c-c30a4b41a76d

Vulnerability ID: CVE-2024-4577

Status: Confirmed

Status Updated: 2024-06-12 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-06-12

Asserted: 2024-06-12

Scope

Notes: KEV entry: PHP-CGI OS Command Injection Vulnerability | Affected: PHP Group / PHP | Description: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-78
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	PHP
Due Date	2024-07-03
Date Added	2024-06-12
Vendorproject	PHP Group
Vulnerabilityname	PHP-CGI OS Command Injection Vulnerability
Knownransomwarecampaignuse	Known

References

CVE-2024-4577

Created: 2026-02-02 13:24 UTC | Updated: 2026-02-06 07:53 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:8.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.1.29",
                "status": "affected",
                "version": "8.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:8.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.2.20",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:php_group:php:8.3.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "php",
            "vendor": "php_group",
            "versions": [
              {
                "lessThan": "8.3.8",
                "status": "affected",
                "version": "8.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4577",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-15T03:55:28.430189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-06-12",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:05:16.089Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-06-12T00:00:00.000Z",
            "value": "CVE-2024-4577 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-14T01:24:54.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577"
          },
          {
            "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/11whoami99/CVE-2024-4577"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://isc.sans.edu/diary/30994"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "modules": [
            "CGI"
          ],
          "platforms": [
            "Windows"
          ],
          "product": "PHP",
          "repo": "https://github.com/php/php-src",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "8.1.29",
              "status": "affected",
              "version": "8.1.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.2.20",
              "status": "affected",
              "version": "8.2.*",
              "versionType": "semver"
            },
            {
              "lessThan": "8.3.8",
              "status": "affected",
              "version": "8.3.*",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \"Best Fit\" strategy is enabled.\u0026nbsp;\u003cbr\u003e"
            }
          ],
          "value": "This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \"Best Fit\" strategy is enabled."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Orange Tsai, DEVCORE Research Team"
        }
      ],
      "datePublic": "2024-06-09T19:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In PHP versions\u003cspan style=\"background-color: var(--wht);\"\u003e\u0026nbsp;8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBest-Fit\" behavior to replace characters in command line given to\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWin32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003e\u003cbr\u003e\u003c/span\u003e"
            }
          ],
          "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:08:41.387Z",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
        },
        {
          "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
        },
        {
          "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
        },
        {
          "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
        },
        {
          "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
        },
        {
          "url": "https://github.com/11whoami99/CVE-2024-4577"
        },
        {
          "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
        },
        {
          "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
        },
        {
          "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
        },
        {
          "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
        },
        {
          "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
        },
        {
          "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
        },
        {
          "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
        },
        {
          "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
        },
        {
          "url": "https://isc.sans.edu/diary/30994"
        },
        {
          "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
        }
      ],
      "source": {
        "advisory": "GHSA-3qgc-jrrr-25jv",
        "discovery": "EXTERNAL"
      },
      "title": "Argument Injection in PHP-CGI",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2024-4577",
    "datePublished": "2024-06-09T19:42:36.464Z",
    "dateReserved": "2024-05-06T22:21:01.742Z",
    "dateUpdated": "2025-10-21T23:05:16.089Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-4577",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2024-06-12",
      "dueDate": "2024-07-03",
      "knownRansomwareCampaignUse": "Known",
      "notes": "This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see:  https://www.php.net/ChangeLog-8.php#;   https://nvd.nist.gov/vuln/detail/CVE-2024-4577",
      "product": "PHP",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.",
      "vendorProject": "PHP Group",
      "vulnerabilityName": "PHP-CGI OS Command Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2024-4577",
      "date": "2026-06-05",
      "epss": "0.94374",
      "percentile": "0.99967"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-4577\",\"sourceIdentifier\":\"security@php.net\",\"published\":\"2024-06-09T20:15:09.550\",\"lastModified\":\"2025-11-03T19:23:39.437\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \\\"Best-Fit\\\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\"},{\"lang\":\"es\",\"value\":\"En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema est\u00e1 configurado para usar ciertas p\u00e1ginas de c\u00f3digos, Windows puede utilizar el comportamiento \\\"Mejor ajuste\\\" para reemplazar caracteres en la l\u00ednea de comando proporcionada a las funciones de la API de Win32. El m\u00f3dulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se est\u00e1 ejecutando y, por lo tanto, revelar el c\u00f3digo fuente de los scripts, ejecutar c\u00f3digo PHP arbitrario en el servidor, etc.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-06-12\",\"cisaActionDue\":\"2024-07-03\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"PHP-CGI OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"security@php.net\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.29\",\"matchCriteriaId\":\"7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.20\",\"matchCriteriaId\":\"A39988FF-D854-4277-9D66-6911AF371DD3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.3.0\",\"versionEndExcluding\":\"8.3.8\",\"matchCriteriaId\":\"F579FFC1-4F81-4755-B14B-3AA73AC9FF7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2024/06/07/1\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/11whoami99/CVE-2024-4577\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/19247\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/watchtowrlabs/CVE-2024-4577\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://isc.sans.edu/diary/30994\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/\",\"source\":\"security@php.net\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/\",\"source\":\"security@php.net\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0008/\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/\",\"source\":\"security@php.net\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.1.29\",\"source\":\"security@php.net\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.2.20\",\"source\":\"security@php.net\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.3.8\",\"source\":\"security@php.net\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2024/06/07/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.talosintelligence.com/new-persistent-attacks-japan/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/11whoami99/CVE-2024-4577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rapid7/metasploit-framework/pull/19247\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/watchtowrlabs/CVE-2024-4577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://isc.sans.edu/diary/30994\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240621-0008/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.1.29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.2.20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.php.net/ChangeLog-8.php#8.3.8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577\"}, {\"url\": \"https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577\"}, {\"url\": \"https://blog.talosintelligence.com/new-persistent-attacks-japan/\"}, {\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/11whoami99/CVE-2024-4577\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/19247\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/watchtowrlabs/CVE-2024-4577\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.1.29\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.2.20\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.3.8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://isc.sans.edu/diary/30994\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/06/07/1\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0008/\", \"tags\": [\"x_transferred\"]}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-14T01:24:54.997Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-4577\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-15T03:55:28.430189Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-06-12\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:php_group:php:8.1.0:*:*:*:*:*:*:*\"], \"vendor\": \"php_group\", \"product\": \"php\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.0\", \"lessThan\": \"8.1.29\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:php_group:php:8.2.0:*:*:*:*:*:*:*\"], \"vendor\": \"php_group\", \"product\": \"php\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.2.0\", \"lessThan\": \"8.2.20\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:php_group:php:8.3.0:*:*:*:*:*:*:*\"], \"vendor\": \"php_group\", \"product\": \"php\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.3.0\", \"lessThan\": \"8.3.8\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-06-12T00:00:00.000Z\", \"value\": \"CVE-2024-4577 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-10T13:01:38.182Z\"}}], \"cna\": {\"title\": \"Argument Injection in PHP-CGI\", \"source\": {\"advisory\": \"GHSA-3qgc-jrrr-25jv\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Orange Tsai, DEVCORE Research Team\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/php/php-src\", \"vendor\": \"PHP Group\", \"modules\": [\"CGI\"], \"product\": \"PHP\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.1.*\", \"lessThan\": \"8.1.29\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.2.*\", \"lessThan\": \"8.2.20\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.3.*\", \"lessThan\": \"8.3.8\", \"versionType\": \"semver\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2024-06-09T19:30:00.000Z\", \"references\": [{\"url\": \"https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\"}, {\"url\": \"https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html\"}, {\"url\": \"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/\"}, {\"url\": \"https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/\"}, {\"url\": \"https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/\"}, {\"url\": \"https://github.com/11whoami99/CVE-2024-4577\"}, {\"url\": \"https://github.com/xcanwin/CVE-2024-4577-PHP-RCE\"}, {\"url\": \"https://github.com/rapid7/metasploit-framework/pull/19247\"}, {\"url\": \"https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/\"}, {\"url\": \"https://github.com/watchtowrlabs/CVE-2024-4577\"}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.1.29\"}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.2.20\"}, {\"url\": \"https://www.php.net/ChangeLog-8.php#8.3.8\"}, {\"url\": \"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately\"}, {\"url\": \"https://isc.sans.edu/diary/30994\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2024/06/07/1\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0008/\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In PHP versions\\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \\\"Best-Fit\\\" behavior to replace characters in command line given to\\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"In PHP versions\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u0026nbsp;8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \\\"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eBest-Fit\\\" behavior to replace characters in command line given to\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eWin32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.\u0026nbsp;\u003c/span\u003e\u003c/span\u003e\u003c/span\u003e\u003cspan style=\\\"background-color: var(--wht);\\\"\u003e\u003cbr\u003e\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \\\"Best Fit\\\" strategy is enabled.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \\\"Best Fit\\\" strategy is enabled.\u0026nbsp;\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"shortName\": \"php\", \"dateUpdated\": \"2024-06-21T19:08:41.387Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-4577\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:05:16.089Z\", \"dateReserved\": \"2024-05-06T22:21:01.742Z\", \"assignerOrgId\": \"dd77f84a-d19a-4638-8c3d-a322d820ed2b\", \"datePublished\": \"2024-06-09T19:42:36.464Z\", \"assignerShortName\": \"php\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

BDU:2024-04432

Vulnerability from fstec - Published: 06.06.2024

Title

Уязвимость интерпретатора языка программирования PHP, существующая из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системмы, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость интерпретатора языка программирования PHP существует из-за непринятия мер по нейтрализации специальных элементов, используемых в команде операционной системы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код путём отправки специально сформированного HTTP-запроса

Severity


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Microsoft Corp, ООО «Ред Софт», PHP Group

Software Name

Windows, РЕД ОС (запись в едином реестре российских программ №3751), PHP

Software Version

- (Windows), 7.3 (РЕД ОС), от 8.3 до 8.3.8 (PHP), от 8.2 до 8.2.20 (PHP), от 8.1 до 8.1.29 (PHP)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - ограничение возможности запуска cgi-скриптов, полученных из недоверенных источников; - переход с PHP CGI на более безопасную архитектуру (Mod-PHP, FastCGI или PHP-FPM); использование SIEM-систем для отслеживания попыток эксплуатации уязвимости; - использование средств межсетевого экранирования уровня веб-приложений для ограничения возможности удалённого доступа. Использование рекомендаций производителя: https://www.php.net/downloads http://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Reference

https://www.php.net/downloads http://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-78

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, PHP Group",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u043e\u0442 8.3 \u0434\u043e 8.3.8 (PHP), \u043e\u0442 8.2 \u0434\u043e 8.2.20 (PHP), \u043e\u0442 8.1 \u0434\u043e 8.1.29 (PHP)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 cgi-\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0432, \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u043d\u044b\u0445 \u0438\u0437 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432;\n- \u043f\u0435\u0440\u0435\u0445\u043e\u0434 \u0441 PHP CGI \u043d\u0430 \u0431\u043e\u043b\u0435\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0443\u044e \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u0443 (Mod-PHP, FastCGI \u0438\u043b\u0438 PHP-FPM);\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 SIEM-\u0441\u0438\u0441\u0442\u0435\u043c \u0434\u043b\u044f \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0440\u043e\u0432\u043d\u044f \u0432\u0435\u0431-\u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://www.php.net/downloads\nhttp://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.06.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04432",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-4577",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), PHP",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows - , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP, \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u044e\u0449\u0430\u044f \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u043c\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u043d\u0442\u0435\u0440\u043f\u0440\u0435\u0442\u0430\u0442\u043e\u0440\u0430 \u044f\u0437\u044b\u043a\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f PHP \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u044f \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u043f\u0443\u0442\u0451\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.php.net/downloads\nhttp://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

bit-libphp-2024-4577

Vulnerability from bitnami_vulndb

Published

2025-08-11 13:54

Modified

2025-10-22 09:08

Summary

Argument Injection in PHP-CGI

Details

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "libphp",
        "purl": "pkg:bitnami/libphp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.1.29"
            },
            {
              "introduced": "8.2.0"
            },
            {
              "fixed": "8.2.20"
            },
            {
              "introduced": "8.3.0"
            },
            {
              "fixed": "8.3.8"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-4577"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",
  "id": "BIT-libphp-2024-4577",
  "modified": "2025-10-22T09:08:25.162Z",
  "published": "2025-08-11T13:54:18.697Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
    },
    {
      "type": "WEB",
      "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
    },
    {
      "type": "WEB",
      "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan/"
    },
    {
      "type": "WEB",
      "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
    },
    {
      "type": "WEB",
      "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
    },
    {
      "type": "WEB",
      "url": "https://github.com/11whoami99/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
    },
    {
      "type": "WEB",
      "url": "https://isc.sans.edu/diary/30994"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
    },
    {
      "type": "WEB",
      "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
    }
  ],
  "schema_version": "1.6.2",
  "summary": "Argument Injection in PHP-CGI"
}

bit-php-2024-4577

Vulnerability from bitnami_vulndb

Published

2024-06-12 07:30

Modified

2025-10-22 09:08

Summary

Argument Injection in PHP-CGI

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "php",
        "purl": "pkg:bitnami/php"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.1.29"
            },
            {
              "introduced": "8.2.0"
            },
            {
              "fixed": "8.2.20"
            },
            {
              "introduced": "8.3.0"
            },
            {
              "fixed": "8.3.8"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-4577"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
  },
  "details": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",
  "id": "BIT-php-2024-4577",
  "modified": "2025-10-22T09:08:25.162Z",
  "published": "2024-06-12T07:30:56.913Z",
  "references": [
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
    },
    {
      "type": "WEB",
      "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
    },
    {
      "type": "WEB",
      "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
    },
    {
      "type": "WEB",
      "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
    },
    {
      "type": "WEB",
      "url": "https://github.com/11whoami99/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
    },
    {
      "type": "WEB",
      "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
    },
    {
      "type": "WEB",
      "url": "https://isc.sans.edu/diary/30994"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
    },
    {
      "type": "WEB",
      "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan/"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "Argument Injection in PHP-CGI"
}

CERTFR-2024-AVI-0468

Vulnerability from certfr_avis - Published: 2024-06-07 - Updated: 2024-06-07

De multiples vulnérabilités ont été découvertes dans PHP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
PHP	N/A	PHP versions 8.3.x antérieures à 8.3.8
PHP	N/A	PHP versions 8.2.x antérieures à 8.2.20
PHP	N/A	PHP versions 8.1.x antérieures à 8.1.29

References

Title

Publication Time

Tags

Bulletin de sécurité PHP 8.1.29	2024-06-06	vendor-advisory
Bulletin de sécurité PHP 8.2.20	2024-06-06	vendor-advisory
Bulletin de sécurité PHP 8.3.8	2024-06-06	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP versions 8.3.x ant\u00e9rieures \u00e0 8.3.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions 8.2.x ant\u00e9rieures \u00e0 8.2.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions 8.1.x ant\u00e9rieures \u00e0 8.1.29",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-5458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5458"
    },
    {
      "name": "CVE-2024-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"
    },
    {
      "name": "CVE-2024-5585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5585"
    }
  ],
  "initial_release_date": "2024-06-07T00:00:00",
  "last_revision_date": "2024-06-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0468",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": "2024-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.1.29",
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "published_at": "2024-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.2.20",
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "published_at": "2024-06-06",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.3.8",
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    }
  ]
}

CERTFR-2024-AVI-0565

Vulnerability from certfr_avis - Published: 2024-07-11 - Updated: 2024-07-11

Une vulnérabilité a été découverte dans les produits Mitel. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Mitel	Mitel CMG Suite	Mitel CMG Suite toutes versions sans le dernier correctif de sécurité
Mitel	Unify OpenScape Voice Trace Manager	Unify OpenScape Voice Trace Manager versions antérieures à V8.R0.9.14
Mitel	MiContact Center Enterprise	MiContact Center Enterprise toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Mitel OBSO-2407-01	2024-07-10	vendor-advisory
Bulletin de sécurité Mitel 24-0018	2024-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mitel CMG Suite toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Mitel CMG Suite",
        "vendor": {
          "name": "Mitel",
          "scada": false
        }
      }
    },
    {
      "description": "Unify OpenScape Voice Trace Manager versions ant\u00e9rieures \u00e0 V8.R0.9.14",
      "product": {
        "name": "Unify OpenScape Voice Trace Manager",
        "vendor": {
          "name": "Mitel",
          "scada": false
        }
      }
    },
    {
      "description": "MiContact Center Enterprise toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "MiContact Center Enterprise",
        "vendor": {
          "name": "Mitel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"
    }
  ],
  "initial_release_date": "2024-07-11T00:00:00",
  "last_revision_date": "2024-07-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0565",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Mitel. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Mitel",
  "vendor_advisories": [
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Mitel OBSO-2407-01",
      "url": "https://www.mitel.com/support/security-advisories/obso-2407-01"
    },
    {
      "published_at": "2024-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Mitel 24-0018",
      "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0018"
    }
  ]
}

CERTFR-2024-AVI-0818

Vulnerability from certfr_avis - Published: 2024-09-27 - Updated: 2024-09-27

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
PHP	PHP	PHP versions 8.2.x antérieures à 8.2.24
PHP	PHP	PHP versions antérieures à 8.1.30
PHP	PHP	PHP versions 8.3.x antérieures à 8.3.12

References

Title

Publication Time

Tags

Bulletin de sécurité PHP 8.2.24	2024-09-26	vendor-advisory
Bulletin de sécurité PHP 8.3.12	2024-09-26	vendor-advisory
Bulletin de sécurité PHP 8.1.30	2024-09-26	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PHP versions 8.2.x ant\u00e9rieures \u00e0 8.2.24",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions ant\u00e9rieures \u00e0 8.1.30",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    },
    {
      "description": "PHP versions 8.3.x ant\u00e9rieures \u00e0 8.3.12",
      "product": {
        "name": "PHP",
        "vendor": {
          "name": "PHP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8927"
    },
    {
      "name": "CVE-2024-8925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8925"
    },
    {
      "name": "CVE-2024-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"
    },
    {
      "name": "CVE-2024-8926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8926"
    },
    {
      "name": "CVE-2024-9026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9026"
    }
  ],
  "initial_release_date": "2024-09-27T00:00:00",
  "last_revision_date": "2024-09-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0818",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans PHP. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans PHP",
  "vendor_advisories": [
    {
      "published_at": "2024-09-26",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.2.24",
      "url": "https://www.php.net/ChangeLog-8.php#8.2.24"
    },
    {
      "published_at": "2024-09-26",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.3.12",
      "url": "https://www.php.net/ChangeLog-8.php#8.3.12"
    },
    {
      "published_at": "2024-09-26",
      "title": "Bulletin de s\u00e9curit\u00e9 PHP 8.1.30",
      "url": "https://www.php.net/ChangeLog-8.php#8.1.30"
    }
  ]
}

CERTFR-2024-AVI-1046

Vulnerability from certfr_avis - Published: 2024-12-06 - Updated: 2024-12-06

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center versions antérieures à 6.5.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2024-19

2024-12-06

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security Center versions ant\u00e9rieures \u00e0 6.5.0",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-5458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5458"
    },
    {
      "name": "CVE-2024-4577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4577"
    },
    {
      "name": "CVE-2024-5585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5585"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2023-49582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49582"
    },
    {
      "name": "CVE-2024-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12174"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    }
  ],
  "initial_release_date": "2024-12-06T00:00:00",
  "last_revision_date": "2024-12-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-1046",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-12-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
  "vendor_advisories": [
    {
      "published_at": "2024-12-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2024-19",
      "url": "https://www.tenable.com/security/tns-2024-19"
    }
  ]
}

FKIE_CVE-2024-4577

Vulnerability from fkie_nvd - Published: 2024-06-09 20:15 - Updated: 2025-11-03 19:23

CISA KEV

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security@php.net	http://www.openwall.com/lists/oss-security/2024/06/07/1	Mailing List, Third Party Advisory
security@php.net	https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/	Exploit, Press/Media Coverage, Third Party Advisory
security@php.net	https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html	Third Party Advisory
security@php.net	https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately	Third Party Advisory
security@php.net	https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/	Exploit, Third Party Advisory
security@php.net	https://github.com/11whoami99/CVE-2024-4577	Exploit
security@php.net	https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv	Exploit, Third Party Advisory
security@php.net	https://github.com/rapid7/metasploit-framework/pull/19247	Exploit, Issue Tracking, Patch
security@php.net	https://github.com/watchtowrlabs/CVE-2024-4577	Exploit, Third Party Advisory
security@php.net	https://github.com/xcanwin/CVE-2024-4577-PHP-RCE	Exploit, Third Party Advisory
security@php.net	https://isc.sans.edu/diary/30994	Exploit, Third Party Advisory
security@php.net	https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/	Exploit, Third Party Advisory
security@php.net	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/	Mailing List
security@php.net	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/	Mailing List
security@php.net	https://security.netapp.com/advisory/ntap-20240621-0008/	Third Party Advisory
security@php.net	https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/	Third Party Advisory
security@php.net	https://www.php.net/ChangeLog-8.php#8.1.29	Release Notes
security@php.net	https://www.php.net/ChangeLog-8.php#8.2.20	Release Notes
security@php.net	https://www.php.net/ChangeLog-8.php#8.3.8	Release Notes
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2024/06/07/1	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/	Exploit, Press/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://blog.talosintelligence.com/new-persistent-attacks-japan/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/11whoami99/CVE-2024-4577	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rapid7/metasploit-framework/pull/19247	Exploit, Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/watchtowrlabs/CVE-2024-4577	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xcanwin/CVE-2024-4577-PHP-RCE	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://isc.sans.edu/diary/30994	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20240621-0008/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.php.net/ChangeLog-8.php#8.1.29	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://www.php.net/ChangeLog-8.php#8.2.20	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://www.php.net/ChangeLog-8.php#8.3.8	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577	US Government Resource

Impacted products

Vendor	Product	Version
php	php	*
php	php	*
php	php	*
microsoft	windows	-
fedoraproject	fedora	39
fedoraproject	fedora	40

JSON

To clipboard

{
  "cisaActionDue": "2024-07-03",
  "cisaExploitAdd": "2024-06-12",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "PHP-CGI OS Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070",
              "versionEndExcluding": "8.1.29",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A39988FF-D854-4277-9D66-6911AF371DD3",
              "versionEndExcluding": "8.2.20",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F579FFC1-4F81-4755-B14B-3AA73AC9FF7A",
              "versionEndExcluding": "8.3.8",
              "versionStartIncluding": "8.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc."
    },
    {
      "lang": "es",
      "value": "En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema est\u00e1 configurado para usar ciertas p\u00e1ginas de c\u00f3digos, Windows puede utilizar el comportamiento \"Mejor ajuste\" para reemplazar caracteres en la l\u00ednea de comando proporcionada a las funciones de la API de Win32. El m\u00f3dulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se est\u00e1 ejecutando y, por lo tanto, revelar el c\u00f3digo fuente de los scripts, ejecutar c\u00f3digo PHP arbitrario en el servidor, etc."
    }
  ],
  "id": "CVE-2024-4577",
  "lastModified": "2025-11-03T19:23:39.437",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-09T20:15:09.550",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/11whoami99/CVE-2024-4577"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://isc.sans.edu/diary/30994"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage",
        "Third Party Advisory"
      ],
      "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/11whoami99/CVE-2024-4577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://isc.sans.edu/diary/30994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20240621-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-VXPP-6299-MXW3

Vulnerability from github – Published: 2024-06-09 21:30 – Updated: 2025-10-22 00:33

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-4577"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-09T20:15:09Z",
    "severity": "CRITICAL"
  },
  "details": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.",
  "id": "GHSA-vxpp-6299-mxw3",
  "modified": "2025-10-22T00:33:03Z",
  "published": "2024-06-09T21:30:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rapid7/metasploit-framework/pull/19247"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.3.8"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.2.20"
    },
    {
      "type": "WEB",
      "url": "https://www.php.net/ChangeLog-8.php#8.1.29"
    },
    {
      "type": "WEB",
      "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0008"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B"
    },
    {
      "type": "WEB",
      "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://isc.sans.edu/diary/30994"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE"
    },
    {
      "type": "WEB",
      "url": "https://github.com/watchtowrlabs/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://github.com/11whoami99/CVE-2024-4577"
    },
    {
      "type": "WEB",
      "url": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en"
    },
    {
      "type": "WEB",
      "url": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately"
    },
    {
      "type": "WEB",
      "url": "https://blog.talosintelligence.com/new-persistent-attacks-japan"
    },
    {
      "type": "WEB",
      "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-4577 (GCVE-0-2024-4577)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Vulnerability from bitnami_vulndb

Vulnerability from bitnami_vulndb

Solutions

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature