Vulnerability Details : CVE-2024-4577

Public exploit exists!
Used for ransomware!
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Published 2024-06-09 19:42:36
Updated 2025-03-28 15:12:45
Source PHP Group
View at NVD,   CVE.org

Products affected by CVE-2024-4577

CVE-2024-4577 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
PHP-CGI OS Command Injection Vulnerability
CISA required action:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA description:
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
Notes:
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail
Added on 2024-06-12 Action due date 2024-07-03

Exploit prediction scoring system (EPSS) score for CVE-2024-4577

EPSS FAQ
94.38%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2024-4577

  • PHP CGI Argument Injection Remote Code Execution
    Disclosure Date: 2024-06-06
    First seen: 2024-06-19
    exploit/windows/http/php_cgi_arg_injection_rce_cve_2024_4577
    This module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations on a Windows target. A vulnerable configuration is locale dependant (such as Chinese or Japanese), such that the Unicode best-fit conversion scheme will unexpectedly

CVSS scores for CVE-2024-4577

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.8
 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
N/A
 PHP Group 2024-06-09
9.8
 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
 NIST 2024-06-10
9.8
 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
 PHP Group 2024-06-09

CWE ids for CVE-2024-4577

References for CVE-2024-4577

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close