Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2024-4577
PUBLISHED
Argument Injection in PHP-CGI
- Vendor: PHP Group
- Product: PHP
- Published: Jun 09, 2024
- EPSS: —
Description
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC decision points
- Exploitation: active
- Automatable: Yes
- Technical impact: total
References
- https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
- https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
- https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
- https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
- https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
- https://github.com/11whoami99/CVE-2024-4577
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://github.com/rapid7/metasploit-framework/pull/19247
- https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://www.php.net/ChangeLog-8.php#8.1.29
- https://www.php.net/ChangeLog-8.php#8.2.20
- https://www.php.net/ChangeLog-8.php#8.3.8
- https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
- https://isc.sans.edu/diary/30994
- http://www.openwall.com/lists/oss-security/2024/06/07/1
- https://lists.fedoraproject.org/archives/list/[email protected]/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
- https://security.netapp.com/advisory/ntap-20240621-0008/
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Jun 12, 2024 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/php_cgi_arg_injection_rce_cve_2024_4577.rb | Apr 28, 2025 |
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4577.yaml | Apr 25, 2025 |
| Nessus | https://www.tenable.com/plugins/nessus/214953 | Feb 04, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
metasploit · Created Unknown
Metasploit module for CVE-2024-4577
github · Created 2024-11-06 05:30:33 UTC · 23 stars
CVE-2024-4577 RCE PoC
github · Created 2024-10-14 09:11:06 UTC · 4 stars
github · Created 2024-10-04 13:10:19 UTC · 3 stars
A Bash script designed to scan multiple domains for the CVE-2024-4577 vulnerability in PHP-CGI.
github · Created 2024-09-12 19:27:52 UTC · 2 stars
github · Created 2024-08-20 02:56:03 UTC · 20 stars
PHP CGI Argument Injection (CVE-2024-4577) RCE
github · Created 2024-07-15 21:31:14 UTC · 5 stars
Automated PHP remote code execution scanner for CVE-2024-4577
github · Created 2024-07-11 02:22:32 UTC · 4 stars
ATTACK PoC - PHP CVE-2024-4577
github · Created 2024-07-06 19:37:14 UTC · 7 stars
PoC - PHP CGI Argument Injection CVE-2024-4577 (Scanner and Exploit)
github · Created 2024-06-28 14:11:15 UTC · 2 stars
Create lab for CVE-2024-4577
github · Created 2024-06-15 02:49:37 UTC · 11 stars
Argument injection vulnerability in PHP
github · Created 2024-06-13 14:25:04 UTC · 3 stars
Fixed and minimalist PoC of the CVE-2024-4577
github · Created 2024-06-09 23:32:11 UTC · 9 stars
A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE)
github · Created 2024-06-09 14:18:21 UTC · 29 stars
PHP CGI Argument Injection vulnerability
github · Created 2024-06-08 13:04:45 UTC · 144 stars
[Vulnerability reproduction] The world's first CVE-2024-4577 PHP-CGI RCE exploit (EXP) that works against the default PHP environment (XAMPP).
github · Created 2024-06-08 12:23:35 UTC · 26 stars
PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template
github · Created 2024-06-08 05:27:44 UTC · 9 stars
Proof Of Concept RCE exploit for critical vulnerability in PHP <8.2.15 (Windows), allowing attackers to execute arbitrary commands.
github · Created 2024-06-08 03:12:28 UTC · 3 stars
CVE-2024-4577 nuclei-templates
github · Created 2024-06-07 17:02:52 UTC · 0 stars
github · Created 2024-06-07 10:40:37 UTC · 19 stars
github · Created 2024-06-07 09:52:54 UTC · 275 stars
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
github · Created 2024-06-07 09:51:39 UTC · 44 stars
POC & $BASH script for CVE-2024-4577
github · Created 2024-06-07 09:42:40 UTC · 2 stars
PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
github · Created 2024-06-07 05:50:23 UTC · 79 stars
CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.
Timeline
- CVE ID Reserved
- CVE Published to Public
- Exploit Used in Malware
- Added to KEVIntel
- Proof of Concept Exploit Available
- Detected by Nessus
- Detected by Nuclei
- Detected by Metasploit