CVE-2024-4577

9.8 CRITICAL CISA KEV - Actively Exploited
Published: June 09, 2024 Modified: November 03, 2025

Description

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

http://www.openwall.com/lists/oss-security/2024/06/07/1
Source: security@php.net
Mailing List Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577
Source: security@php.net
Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
Source: security@php.net
Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/19247
Source: security@php.net
Exploit Issue Tracking Patch
https://github.com/watchtowrlabs/CVE-2024-4577
Source: security@php.net
Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
Source: security@php.net
Exploit Third Party Advisory
https://isc.sans.edu/diary/30994
Source: security@php.net
Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Source: security@php.net
Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0008/
Source: security@php.net
Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29
Source: security@php.net
Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20
Source: security@php.net
Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8
Source: security@php.net
Release Notes
http://www.openwall.com/lists/oss-security/2024/06/07/1
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Press/Media Coverage Third Party Advisory
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://blog.talosintelligence.com/new-persistent-attacks-japan/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://github.com/11whoami99/CVE-2024-4577
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/19247
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking Patch
https://github.com/watchtowrlabs/CVE-2024-4577
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://isc.sans.edu/diary/30994
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0008/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://www.php.net/ChangeLog-8.php#8.1.29
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://www.php.net/ChangeLog-8.php#8.2.20
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://www.php.net/ChangeLog-8.php#8.3.8
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
https://www.vicarius.io/vsociety/posts/php-cgi-argument-injection-to-rce-cve-2024-4577
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.vicarius.io/vsociety/posts/php-cgi-os-command-injection-vulnerability-cve-2024-4577
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4577
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

42 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
94.4%
100th percentile
Exploitation Status
Actively Exploited
Remediation due: 2024-07-03

Weaknesses (CWE)

Affected Vendors

php fedoraproject microsoft