logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2024-4577

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Description:
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Last updated date:
08/14/2024

Reports

alt

ACTIVELY EXPLOITED

Type:
exploitation
Confidence:
HIGH
Date of publishing:
06/09/2024
Reference url to background

https://isc.sans.edu/diary/Attacker%20Probing%20for%20New%20PHP%20Vulnerablity%20CVE-2024-4577/30994

Type:
exploitation
Confidence:
HIGH
Date of publishing:
06/12/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/07/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/07/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/07/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/07/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/08/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/08/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/08/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/09/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/09/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Reference url to background

https://isc.sans.edu/diary/30994

Type:
exploit
Confidence:
HIGH
Date of publishing:
06/10/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
06/15/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/06/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/11/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
07/15/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
08/20/2024
Type:
exploit
Confidence:
HIGH
Date of publishing:
10/14/2024
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy