Understanding CVE-2024-4577: A Critical PHP Vulnerability

https://thedefendopsdiaries.com/understanding-cve-2024-4577-a-critical-php-vulnerability/

#cve20244577
#phpvulnerability
#remotecodeexecution
#cybersecurity
#infosec

Urgent: Mass exploitation of critical PHP vulnerability (CVE-2024-4577) confirmed; widespread attacks targeting Apache/PHP-CGI servers. #PHPvulnerability #Cybersecurity #CVE20244577

More details: https://www.rescana.com/post/critical-cve-2025-27607-vulnerability-in-python-json-logger-update-to-prevent-remote-code-execution - https://www.flagthis.com/news/10993

🚨 Mass Exploitation of CVE-2024-4577 Detected. View and block malicious IPs now: https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457 #CVE20244577 #Cybersecurity

｢ The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application ｣

https://arstechnica.com/security/2024/06/thousands-of-servers-infected-with-ransomware-via-critical-php-vulnerability/

#PHP #Ransomware #CVE20244577 #Infosec

2024-06-11 (Tuesday): Our telemetry reveals ongoing exploitation attempts of #CVE20244577 in #PHP on Windows. Our customers are protected from these exploits including the "auto_append_file" method. More information we found on this vulnerability at https://bit.ly/4ekJJjx

A new critical security flaw (CVE-2024-4577) affecting all versions of PHP on Windows has been disclosed. This CGI argument injection vulnerability allows remote code execution by bypassing protections from a previous flaw (CVE-2012-1823).

Key Points:

- Impacts all PHP versions on Windows
- Allows argument injection and remote code execution
- Bypasses previous CVE-2012-1823 protections
- Affects XAMPP installations with specific locales by default
- Patches available in PHP 8.3.8, 8.2.20, and 8.1.29

Admins are urged to update #PHP immediately as exploitation attempts have already been detected. Switching to more secure solutions like Mod-PHP, FastCGI, or PHP-FPM is also recommended.

This simple yet critical bug highlights the importance of thorough security reviews and timely patching.

#PHPSecurity #CVE20244577 #RemoteCodeExecution #CyberSecurity #SoftwareVulnerability #WindowsOS #WebAppSecurity

HackerNews: https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html

[Перевод] CVE-2024-4577: Не может быть, PHP опять под атакой

Orange Tsai недавно запостил про «Одну из уязвимостей PHP, которая влияет на XAMPP, развернутый с настройками по умолчанию», и нам было интересно рассказать немного об этом. XAMPP - очень популярный способ администраторов и разработчиков развернуть Apache, PHP и множество других инструментов, и любая ошибка, которая может быть RCE в установке этого набора по умолчанию, звучит очень заманчиво. Где нашлась очередная уязвимость PHP? Читайте далее.

https://habr.com/ru/articles/820409/

#CVE20244577 #CVE #PHP #phpcgi #xampp #rce #watchtowr #уязвимости #уязвимости_php #уязвимость