← volver
CVE-2024-4577

Argument Injection in PHP-CGI

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-78
En resumen

PHP-CGI en Windows puede ser engañado para aceptar opciones malintencionadas de línea de comandos mediante trucos de codificación de caracteres, permitiendo que atacantes expongan código fuente o ejecuten código arbitrario en el servidor.

Detalle técnico

Una vulnerabilidad de inyección de argumentos en PHP-CGI en Windows ocurre cuando Apache pasa entrada del usuario a través de la interfaz CGI; si las configuraciones de página de códigos de Windows habilitan mapeo de caracteres 'Best-Fit', entrada especialmente diseñada puede ser reinterpretada como opciones PHP (por ejemplo, -r, -d), evitando el manejo normal de solicitudes. Requiere configuración específica de página de códigos de Windows y versiones PHP vulnerables; el impacto incluye ejecución arbitraria de código y divulgación de información.

Resumen generado y traducido por IA a partir de la descripción oficial.
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
PHP Group · PHP
PoCs públicas encontradas70
githubgithub.com/watchtowrlabs/CVE-2024-4577318githubgithub.com/xcanwin/CVE-2024-4577-PHP-RCE163githubgithub.com/TAM-K592/CVE-2024-457777githubgithub.com/Night-have-dreams/php-cgi-Injector45githubgithub.com/11whoami99/CVE-2024-457743githubgithub.com/Chocapikk/CVE-2024-457734githubgithub.com/ZephrFish/CVE-2024-4577-PHP-RCE32githubgithub.com/gh-ost00/CVE-2024-4577-RCE25githubgithub.com/BTtea/CVE-2024-4577-RCE-PoC25githubgithub.com/huseyinstif/CVE-2024-4577-Nuclei-Template22githubgithub.com/gotr00t0day/CVE-2024-457713githubgithub.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT10githubgithub.com/manuelinfosec/CVE-2024-45779githubgithub.com/l0n3m4n/CVE-2024-4577-RCE7githubgithub.com/aavamin/cve-2024-45776githubgithub.com/bibo318/CVE-2024-4577-RCE-ATTACK5githubgithub.com/CirqueiraDev/MassExploit-CVE-2024-45775githubgithub.com/longhoangth18/CVE-2024-45775githubgithub.com/0x20c/CVE-2024-4577-nuclei5githubgithub.com/Sh0ckFR/CVE-2024-45774githubgithub.com/JeninSutradhar/CVE-2024-4577-checker3githubgithub.com/ibrahmsql/CVE-2024-45773githubgithub.com/zomasec/CVE-2024-45773githubgithub.com/d3ck4/Shodan-CVE-2024-45772githubgithub.com/AlperenY-cs/CVE-2024-45772githubgithub.com/VictorShem/CVE-2024-45772githubgithub.com/byteReaper77/CVE-2024-45772githubgithub.com/phirojshah/CVE-2024-45772githubgithub.com/gl1tch0x1/PHP_8.1.x_Exploit1githubgithub.com/ggfzx/CVE-2024-45771githubgithub.com/Junp0/CVE-2024-45771githubgithub.com/sug4r-wr41th/CVE-2024-45771githubgithub.com/Sysc4ll3r/CVE-2024-45771githubgithub.com/0XFFFF-XD/CVE-2024-4577-PHP-CGI-RCE1githubgithub.com/taida957789/CVE-2024-45771githubgithub.com/Wh02m1/CVE-2024-45771githubgithub.com/ywChen-NTUST/PHP-CGI-RCE-Scanner1githubgithub.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough1githubgithub.com/r0otk3r/CVE-2024-45770githubgithub.com/mananjain61/PHP-CGI-INTERNAL-RCE0githubgithub.com/Skycritch/CVE-2024-45770githubgithub.com/Ianthinus/CVE-2024-45770githubgithub.com/InfoSec-DB/PHPCGIScanner0githubgithub.com/a1ex-var1amov/ctf-cve-2024-45770githubgithub.com/rayngnpc/CVE-2024-4577-rayng0githubgithub.com/Gill-Singh-A/CVE-2024-4577-Exploit0githubgithub.com/graphite-org/CVE-2024-45770githubgithub.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP0githubgithub.com/dbyMelina/CVE-2024-45770githubgithub.com/bl4cksku11/CVE-2024-45770githubgithub.com/Entropt/CVE-2024-4577_Analysis0githubgithub.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE0githubgithub.com/olebris/CVE-2024-45770githubgithub.com/charis3306/CVE-2024-45770githubgithub.com/zjhzjhhh/CVE-2024-45770githubgithub.com/gmh5225/CVE-2024-4577-PHP-RCE0githubgithub.com/a-roshbaik/CVE-2024-45770githubgithub.com/a-roshbaik/CVE-2024-4577-PHP-RCE0githubgithub.com/Jcccccx/CVE-2024-45770githubgithub.com/bughuntar/CVE-2024-45770githubgithub.com/princew88/CVE-2024-45770githubgithub.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-0githubgithub.com/ahmetramazank/CVE-2024-45770githubgithub.com/tpdlshdmlrkfmcla/php-cgi-cve-2024-45770githubgithub.com/Didarul342/CVE-2024-45770githubgithub.com/Ra1n-60W/CVE-2024-45770githubgithub.com/wilss0n/CVE-2024-45770githubgithub.com/tntrock/CVE-2024-4577_PowerShell0githubgithub.com/KimJuhyeong95/cve-2024-45770exploitdbwww.exploit-db.com/exploits/52331no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.htmlhttps://blog.talosintelligence.com/new-persistent-attacks-japan/https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediatelyhttps://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/https://github.com/11whoami99/CVE-2024-4577https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jvhttps://github.com/rapid7/metasploit-framework/pull/19247https://github.com/watchtowrlabs/CVE-2024-4577https://github.com/xcanwin/CVE-2024-4577-PHP-RCEhttps://isc.sans.edu/diary/30994https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/