Researchers have discovered a critical RCE in PHP for Windows. CVE-2024-4577 allows unauthenticated people to bypass the protection for a previously fixed vulnerability (CVE-2012-1823) using specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
Dan Goodin /
npub1yy…p6r3v
2024-06-07 18:17:58
Author Public Key
npub1yyl6ktycvjymch9hyzq5yqphj89kalfqmtswcjpjmp7s67ms6g9sdp6r3vPublished at
2024-06-07 18:17:58Event JSON
{
"id": "fc42b558429732448e0a1fe1322db7f26ab68f1af9be785bf7030303d7e4bea5",
"pubkey": "213fab2c986489bc5cb7208142003791cb6efd20dae0ec4832d87d0d7b70d20b",
"created_at": 1717784278,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/dangoodin/statuses/112576710492094433",
"activitypub"
]
],
"content": "Researchers have discovered a critical RCE in PHP for Windows. CVE-2024-4577 allows unauthenticated people to bypass the protection for a previously fixed vulnerability (CVE-2012-1823) using specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.\n\nhttps://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/",
"sig": "99b6aa2fc50fb93b639465130d0847d7410f67ea6eb6464b891431df7c028f332a61cd415c7298e323c44378fe3ff91c5e32ff1d302a4dfa0a2de76e954aa233"
}