In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
References
Configurations
History
21 Nov 2024, 09:43
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () http://www.openwall.com/lists/oss-security/2024/06/07/1 - Mailing List, Release Notes | |
References | () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Press/Media Coverage, Third Party Advisory | |
References | () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - Third Party Advisory | |
References | () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - Third Party Advisory | |
References | () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - Exploit, Third Party Advisory | |
References | () https://github.com/11whoami99/CVE-2024-4577 - Exploit | |
References | () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - Broken Link | |
References | () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit, Issue Tracking | |
References | () https://github.com/watchtowrlabs/CVE-2024-4577 - Exploit, Third Party Advisory | |
References | () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - Exploit, Third Party Advisory | |
References | () https://isc.sans.edu/diary/30994 - Exploit, Third Party Advisory | |
References | () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - Exploit, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - Mailing List, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20240621-0008/ - Third Party Advisory | |
References | () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - Third Party Advisory | |
References | () https://www.php.net/ChangeLog-8.php#8.1.29 - Release Notes | |
References | () https://www.php.net/ChangeLog-8.php#8.2.20 - Release Notes | |
References | () https://www.php.net/ChangeLog-8.php#8.3.8 - Release Notes |
14 Aug 2024, 19:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Press/Media Coverage, Third Party Advisory | |
References | () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit, Issue Tracking | |
References | () https://security.netapp.com/advisory/ntap-20240621-0008/ - Third Party Advisory |
21 Jun 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Jun 2024, 11:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | () http://www.openwall.com/lists/oss-security/2024/06/07/1 - Mailing List, Release Notes | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/ - Mailing List, Third Party Advisory | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:* |
13 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Jun 2024, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Jun 2024, 17:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (es) En las versiones de PHP 8.1.* anteriores a 8.1.29, 8.2.* anteriores a 8.2.20, 8.3.* anteriores a 8.3.8, cuando se usa Apache y PHP-CGI en Windows, si el sistema está configurado para usar ciertas páginas de códigos, Windows puede utilizar el comportamiento "Mejor ajuste" para reemplazar caracteres en la línea de comando proporcionada a las funciones de la API de Win32. El módulo PHP CGI puede malinterpretar esos caracteres como opciones de PHP, lo que puede permitir a un usuario malintencionado pasar opciones al binario PHP que se está ejecutando y, por lo tanto, revelar el código fuente de los scripts, ejecutar código PHP arbitrario en el servidor, etc. |
10 Jun 2024, 12:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Php
Php php |
|
CPE | cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | |
References | () https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/ - Exploit, Third Party Advisory | |
References | () https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html - Third Party Advisory | |
References | () https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately - Third Party Advisory | |
References | () https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/ - Exploit, Third Party Advisory | |
References | () https://github.com/11whoami99/CVE-2024-4577 - Exploit | |
References | () https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv - Broken Link | |
References | () https://github.com/rapid7/metasploit-framework/pull/19247 - Exploit | |
References | () https://github.com/watchtowrlabs/CVE-2024-4577 - Exploit, Third Party Advisory | |
References | () https://github.com/xcanwin/CVE-2024-4577-PHP-RCE - Exploit, Third Party Advisory | |
References | () https://isc.sans.edu/diary/30994 - Exploit, Third Party Advisory | |
References | () https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/ - Exploit, Third Party Advisory | |
References | () https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/ - Third Party Advisory | |
References | () https://www.php.net/ChangeLog-8.php#8.1.29 - Release Notes | |
References | () https://www.php.net/ChangeLog-8.php#8.2.20 - Release Notes | |
References | () https://www.php.net/ChangeLog-8.php#8.3.8 - Release Notes |
10 Jun 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
10 Jun 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jun 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-09 20:15
Updated : 2024-11-21 09:43
NVD link : CVE-2024-4577
Mitre link : CVE-2024-4577
CVE.ORG link : CVE-2024-4577
JSON object : View
Products Affected
php
- php
fedoraproject
- fedora
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')