1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. PHP-CGI OS Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2024-4577 is a PHP argument injection vulnerability that allows an adversary to execute arbitrary php commands.
References
  1. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
CVE-2024-4577 PHP-CGI OS Command Injection Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
CVE-2024-4577 is a PHP argument injection vulnerability that allows an adversary to execute arbitrary php commands.
References
  1. https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/