A new critical security flaw (CVE-2024-4577) affecting all versions of PHP on Windows has been disclosed. This CGI argument injection vulnerability allows remote code execution by bypassing protections from a previous flaw (CVE-2012-1823).
Key Points:
- Impacts all PHP versions on Windows
- Allows argument injection and remote code execution
- Bypasses previous CVE-2012-1823 protections
- Affects XAMPP installations with specific locales by default
- Patches available in PHP 8.3.8, 8.2.20, and 8.1.29
Admins are urged to update #PHP immediately as exploitation attempts have already been detected. Switching to more secure solutions like Mod-PHP, FastCGI, or PHP-FPM is also recommended.
This simple yet critical bug highlights the importance of thorough security reviews and timely patching.
#PHPSecurity #CVE20244577 #RemoteCodeExecution #CyberSecurity #SoftwareVulnerability #WindowsOS #WebAppSecurity
HackerNews: https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html