
CVE-2024-4577
- Reference to the description:
- Description:
- In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
- Last updated date:
- 12/20/2024
Reports

ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 06/09/2024
- Reference url to background
https://isc.sans.edu/diary/Attacker%20Probing%20for%20New%20PHP%20Vulnerablity%20CVE-2024-4577/30994
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 06/12/2024
- Reference url to background
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/07/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/07/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/07/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/07/2024
- Reference url to background
https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/08/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/08/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/08/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/09/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/09/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/10/2024
- Reference url to background
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/13/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/13/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/15/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/06/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/11/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 07/15/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/20/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 08/20/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/04/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/14/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 11/06/2024
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/20/2024
- Reference url to background
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/20/2024
- Reference url to background
https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 12/20/2024
- Reference url to background
https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577