PHP-CGI OS Command Injection (CVE-2024-4577)
CVE-2024-4577 is an OS command injection vulnerability in PHP-CGI. It is a recent vulnerability, but it is not classified as a zero-day exploit. The exploit tools used were developed by watchTowr Labs. The vulnerability has primarily affected users of PHP and XAMPP. It impacts PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8 on Windows systems running Apache and PHP-CGI. Anyone running these PHP versions on Windows servers needs to be aware of it, especially when using XAMPP. The vulnerability allows an attacker to inject commands into the PHP binary being executed, which can expose the source code of scripts and even allow arbitrary PHP code to run on the server. Successful exploitation can lead to severe security breaches.
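An added example, not code from the original page or from the PHP project: a triage helper that applies the version ranges and platform conditions stated above to an inventory of PHP installs. The function names, status labels and inventory rows are assumptions made for illustration.

```python
import re

# First fixed release per branch, as stated in the paragraph above.
FIXED = {(8, 1): 29, (8, 2): 20, (8, 3): 8}

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_php_version(text):
    """Extract (major, minor, patch) from text such as 'PHP 8.2.12 (cgi-fcgi)'."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def assess(version_text, os_name, sapi):
    """Classify one install as 'affected', 'review', 'patched' or 'unlisted'."""
    major, minor, patch = parse_php_version(version_text)
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unlisted"   # branch not covered by the ranges on this page
    if patch >= fixed_patch:
        return "patched"
    # Vulnerable build. The page ties impact to Windows with PHP-CGI;
    # "cgi-fcgi" is the SAPI name the php-cgi binary reports.
    if os_name.lower().startswith("windows") and sapi.lower().startswith("cgi"):
        return "affected"
    return "review"         # vulnerable build, conditions not matched: still upgrade


# Constructed inventory rows: (host, version banner, OS, SAPI).
INVENTORY = [
    ("web01", "PHP 8.1.28 (cgi-fcgi)", "Windows Server 2019", "cgi-fcgi"),
    ("web02", "PHP 8.2.20 (cgi-fcgi)", "Windows Server 2022", "cgi-fcgi"),
    ("web03", "PHP 8.3.7 (cli)", "Ubuntu 22.04", "cli"),
    ("web04", "PHP 7.4.33 (cgi-fcgi)", "Windows 10", "cgi-fcgi"),
]


def triage(rows):
    """Map each host to its status."""
    return {host: assess(ver, os_name, sapi) for host, ver, os_name, sapi in rows}


if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" run a branch outside the three ranges given above and need to be checked against the vendor advisory rather than assumed safe.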
Related Content
NOTE: The following related content has not been vetted and may be unsafe.
- https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
- https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
- https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
- https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
- https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
- https://github.com/11whoami99/CVE-2024-4577
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://github.com/rapid7/metasploit-framework/pull/19247
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://www.php.net/ChangeLog-8.php#8.1.29
- https://www.php.net/ChangeLog-8.php#8.2.20
- https://www.php.net/ChangeLog-8.php#8.3.8
- https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
- https://isc.sans.edu/diary/30994
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240621-0008/