CVE-2024-4577

Argument Injection in PHP-CGI

Basic Information

CVE State
PUBLISHED
Reserved Date
May 06, 2024
Published Date
June 09, 2024
Last Updated
March 14, 2025
Vendor
PHP Group
Product
PHP
Description
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2024-06-12 00:00:00 UTC)
Proof of Concept Available
Yes (added 2024-06-28 14:11:15 UTC)
Used in Malware
Yes (added 2024-06-12 00:00:00 UTC)

Known Exploited Vulnerability Information

Source
CISA
Added Date
2024-06-12 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

php_cgi_arg_injection_rce_cve_2024_4577

Type: metasploit • Created: Unknown

Metasploit module for CVE-2024-4577

BTtea/CVE-2024-4577-RCE-PoC

Type: github • Created: 2024-11-06 05:30:33 UTC • Stars: 23

CVE-2024-4577 RCE PoC

longhoangth18/CVE-2024-4577

Type: github • Created: 2024-10-14 09:11:06 UTC • Stars: 4

JeninSutradhar/CVE-2024-4577-checker

Type: github • Created: 2024-10-04 13:10:19 UTC • Stars: 3

A Bash script designed to scan multiple domains for the CVE-2024-4577 vulnerability in PHP-CGI.

phirojshah/CVE-2024-4577

Type: github • Created: 2024-09-12 19:27:52 UTC • Stars: 2

gh-ost00/CVE-2024-4577-RCE

Type: github • Created: 2024-08-20 02:56:03 UTC • Stars: 20

PHP CGI Argument Injection (CVE-2024-4577) RCE

waived/CVE-2024-4577-PHP-RCE

Type: github • Created: 2024-07-15 21:31:14 UTC • Stars: 5

Automated PHP remote code execution scanner for CVE-2024-4577

bibo318/CVE-2024-4577-RCE-ATTACK

Type: github • Created: 2024-07-11 02:22:32 UTC • Stars: 4

ATTACK PoC - PHP CVE-2024-4577

l0n3m4n/CVE-2024-4577-RCE

Type: github • Created: 2024-07-06 19:37:14 UTC • Stars: 7

PoC - PHP CGI Argument Injection CVE-2024-4577 (Scanner and Exploit)

AlperenY-cs/CVE-2024-4577

Type: github • Created: 2024-06-28 14:11:15 UTC • Stars: 2

Create lab for CVE-2024-4577

VictorShem/CVE-2024-4577

Type: github • Created: 2024-06-17 17:53:31 UTC • Stars: 2

CVE-2024-4577 POC

gotr00t0day/CVE-2024-4577

Type: github • Created: 2024-06-15 02:49:37 UTC • Stars: 11

Argument injection vulnerability in PHP

Sh0ckFR/CVE-2024-4577

Type: github • Created: 2024-06-13 14:25:04 UTC • Stars: 3

Fixed and minimalist PoC of the CVE-2024-4577

K3ysTr0K3R/CVE-2024-4577-EXPLOIT

Type: github • Created: 2024-06-09 23:32:11 UTC • Stars: 9

A PoC exploit for CVE-2024-4577 - PHP CGI Argument Injection Remote Code Execution (RCE)

Chocapikk/CVE-2024-4577

Type: github • Created: 2024-06-09 14:18:21 UTC • Stars: 29

PHP CGI Argument Injection vulnerability

xcanwin/CVE-2024-4577-PHP-RCE

Type: github • Created: 2024-06-08 13:04:45 UTC • Stars: 144

[Vulnerability reproduction] The world's first EXP for the CVE-2024-4577 PHP-CGI RCE vulnerability that exploits the default PHP environment (XAMPP).

ZephrFish/CVE-2024-4577-PHP-RCE

Type: github • Created: 2024-06-08 12:23:35 UTC • Stars: 26

PHP RCE PoC for CVE-2024-4577 written in bash, go, python and a nuclei template

zomasec/CVE-2024-4577

Type: github • Created: 2024-06-08 06:36:14 UTC • Stars: 3

CVE-2024-4577 Exploit POC

manuelinfosec/CVE-2024-4577

Type: github • Created: 2024-06-08 05:27:44 UTC • Stars: 9

Proof Of Concept RCE exploit for critical vulnerability in PHP <8.2.15 (Windows), allowing attackers to execute arbitrary commands.

0x20c/CVE-2024-4577-nuclei

Type: github • Created: 2024-06-08 03:12:28 UTC • Stars: 3

CVE-2024-4577 nuclei-templates

WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP

Type: github • Created: 2024-06-07 17:02:52 UTC • Stars: 0

huseyinstif/CVE-2024-4577-Nuclei-Template

Type: github • Created: 2024-06-07 10:40:37 UTC • Stars: 19

watchtowrlabs/CVE-2024-4577

Type: github • Created: 2024-06-07 09:52:54 UTC • Stars: 276

PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC

11whoami99/CVE-2024-4577

Type: github • Created: 2024-06-07 09:51:39 UTC • Stars: 44

POC & $BASH script for CVE-2024-4577

TAM-K592/CVE-2024-4577

Type: github • Created: 2024-06-07 05:50:23 UTC • Stars: 79

CVE-2024-4577 is a critical vulnerability in PHP affecting CGI configurations, allowing attackers to execute arbitrary commands via crafted URL parameters.