The DefendOps DiariesMar 11, 2025

Understanding CVE-2024-4577: A Critical PHP Vulnerability

https://thedefendopsdiaries.com/understanding-cve-2024-4577-a-critical-php-vulnerability/

#cve20244577
#phpvulnerability
#remotecodeexecution
#cybersecurity
#infosec

Understanding CVE-2024-4577: A Critical PHP Vulnerability

Explore CVE-2024-4577, a critical PHP vulnerability affecting CGI mode on Windows, and learn about its implications and mitigation strategies.

The DefendOps Diaries
GreyNoiseMar 7, 2025
🚨 Mass Exploitation of CVE-2024-4577 Detected. View and block malicious IPs now: https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457 #CVE20244577 #Cybersecurity
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577)

‍GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.

Anonymous 🐈️🐾☕🍵🏴🇵🇸 Jun 12, 2024
2024-06-11 (Tuesday): Our telemetry reveals ongoing exploitation attempts of #CVE20244577 in #PHP on Windows. Our customers are protected from these exploits including the "auto_append_file" method. More information we found on this vulnerability at https://bit.ly/4ekJJjx
Unit42-timely-threat-intel/2024-06-11-CVE-2024-4577.txt at main · PaloAltoNetworks/Unit42-timely-threat-intel

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence. - PaloAltoNetworks/Unit42-timely-threat-intel

GitHub
Kevin SullivanJun 8, 2024

A new critical security flaw (CVE-2024-4577) affecting all versions of PHP on Windows has been disclosed. This CGI argument injection vulnerability allows remote code execution by bypassing protections from a previous flaw (CVE-2012-1823).

Key Points:

- Impacts all PHP versions on Windows
- Allows argument injection and remote code execution
- Bypasses previous CVE-2012-1823 protections
- Affects XAMPP installations with specific locales by default
- Patches available in PHP 8.3.8, 8.2.20, and 8.1.29

Admins are urged to update #PHP immediately as exploitation attempts have already been detected. Switching to more secure solutions like Mod-PHP, FastCGI, or PHP-FPM is also recommended.

This simple yet critical bug highlights the importance of thorough security reviews and timely patching.

#PHPSecurity #CVE20244577 #RemoteCodeExecution #CyberSecurity #SoftwareVulnerability #WindowsOS #WebAppSecurity

HackerNews: https://thehackernews.com/2024/06/new-php-vulnerability-exposes-windows.html

New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

New Critical PHP Vulnerability CVE-2024-4577 allows remote code execution on Windows.

The Hacker News
HabrJun 8, 2024

[Перевод] CVE-2024-4577: Не может быть, PHP опять под атакой

Orange Tsai недавно запостил про «Одну из уязвимостей PHP, которая влияет на XAMPP, развернутый с настройками по умолчанию», и нам было интересно рассказать немного об этом. XAMPP - очень популярный способ администраторов и разработчиков развернуть Apache, PHP и множество других инструментов, и любая ошибка, которая может быть RCE в установке этого набора по умолчанию, звучит очень заманчиво. Где нашлась очередная уязвимость PHP? Читайте далее.

https://habr.com/ru/articles/820409/

#CVE20244577 #CVE #PHP #phpcgi #xampp #rce #watchtowr #уязвимости #уязвимости_php #уязвимость

CVE-2024-4577: Не может быть, PHP опять под атакой

Orange Tsai недавно запостил про «Одну из уязвимостей PHP, которая влияет на XAMPP, развернутый по умолчанию», и нам было интересно рассказать немного об этом. XAMPP - очень популярный способ...

Хабр