CVE-2024-4577

Vulnerability Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://www.openwall.com/lists/oss-security/2024/06/07/1Mailing ListThird Party Advisory
• https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-rExploitPress/Media CoverageThird Party Advisory
• https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.htmlThird Party Advisory
• https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediatelyThird Party Advisory
• https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-iExploitThird Party Advisory
• https://github.com/11whoami99/CVE-2024-4577Exploit
• https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jvExploitThird Party Advisory
• https://github.com/rapid7/metasploit-framework/pull/19247ExploitIssue TrackingPatch
• https://github.com/watchtowrlabs/CVE-2024-4577ExploitThird Party Advisory
• https://github.com/xcanwin/CVE-2024-4577-PHP-RCEExploitThird Party Advisory
• https://isc.sans.edu/diary/30994ExploitThird Party Advisory
• https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ExploitThird Party Advisory
• https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
• https://lists.fedoraproject.org/archives/list/[email protected]Mailing List
• https://security.netapp.com/advisory/ntap-20240621-0008/Third Party Advisory