CVE-2024-4577

CRITICAL9.8

CISA KEVRansomwarePublic PoCHigh EPSS

Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

PHP Group / PHP8.1.* – 8.1.29
PHP Group / PHP8.2.* – 8.2.20
PHP Group / PHP8.3.* – 8.3.8

Exploits & PoCs

nucleiPHP CGI - Argument Injectionby Hüseyin TINTAŞ,sw0rk17,s4e-io,pdresearch

References

VENDOR_ADVISORYhttps://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
MISChttps://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
MISChttps://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
MISChttps://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
MISChttps://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
MISChttps://github.com/11whoami99/CVE-2024-4577
MISChttps://github.com/xcanwin/CVE-2024-4577-PHP-RCE
EXPLOIThttps://github.com/rapid7/metasploit-framework/pull/19247
MISChttps://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
MISChttps://github.com/watchtowrlabs/CVE-2024-4577
MISChttps://www.php.net/ChangeLog-8.php#8.1.29
MISChttps://www.php.net/ChangeLog-8.php#8.2.20
MISChttps://www.php.net/ChangeLog-8.php#8.3.8
MISChttps://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
MISChttps://isc.sans.edu/diary/30994
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/06/07/1
MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
MAILING_LISThttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
MISChttps://security.netapp.com/advisory/ntap-20240621-0008/