← voltar
CVE-2024-4577

Argument Injection in PHP-CGI

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-78
Em resumo

O PHP-CGI no Windows pode ser enganado para aceitar opções maliciosas da linha de comando através de truques de codificação de caracteres, permitindo que invasores exponham código-fonte ou executem código arbitrário no servidor.

Detalhe técnico

Uma vulnerabilidade de injeção de argumentos no PHP-CGI no Windows ocorre quando o Apache passa entrada do usuário através da interface CGI; se as configurações de página de código do Windows habilitam mapeamento de caracteres 'Best-Fit', entrada especialmente preparada pode ser reinterpretada como opções PHP (por exemplo, -r, -d), contornando o tratamento normal de requisições. Requer configuração específica de página de código do Windows e versões PHP vulneráveis; o impacto inclui execução de código arbitrário e divulgação de informações.

Resumo gerado e traduzido por IA a partir da descrição oficial.
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
PHP Group · PHP
PoCs públicas encontradas70
githubgithub.com/watchtowrlabs/CVE-2024-4577318githubgithub.com/xcanwin/CVE-2024-4577-PHP-RCE163githubgithub.com/TAM-K592/CVE-2024-457777githubgithub.com/Night-have-dreams/php-cgi-Injector45githubgithub.com/11whoami99/CVE-2024-457743githubgithub.com/Chocapikk/CVE-2024-457734githubgithub.com/ZephrFish/CVE-2024-4577-PHP-RCE32githubgithub.com/gh-ost00/CVE-2024-4577-RCE25githubgithub.com/BTtea/CVE-2024-4577-RCE-PoC25githubgithub.com/huseyinstif/CVE-2024-4577-Nuclei-Template22githubgithub.com/gotr00t0day/CVE-2024-457713githubgithub.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT10githubgithub.com/manuelinfosec/CVE-2024-45779githubgithub.com/l0n3m4n/CVE-2024-4577-RCE7githubgithub.com/aavamin/cve-2024-45776githubgithub.com/bibo318/CVE-2024-4577-RCE-ATTACK5githubgithub.com/CirqueiraDev/MassExploit-CVE-2024-45775githubgithub.com/longhoangth18/CVE-2024-45775githubgithub.com/0x20c/CVE-2024-4577-nuclei5githubgithub.com/Sh0ckFR/CVE-2024-45774githubgithub.com/JeninSutradhar/CVE-2024-4577-checker3githubgithub.com/ibrahmsql/CVE-2024-45773githubgithub.com/zomasec/CVE-2024-45773githubgithub.com/d3ck4/Shodan-CVE-2024-45772githubgithub.com/AlperenY-cs/CVE-2024-45772githubgithub.com/VictorShem/CVE-2024-45772githubgithub.com/byteReaper77/CVE-2024-45772githubgithub.com/phirojshah/CVE-2024-45772githubgithub.com/gl1tch0x1/PHP_8.1.x_Exploit1githubgithub.com/ggfzx/CVE-2024-45771githubgithub.com/Junp0/CVE-2024-45771githubgithub.com/sug4r-wr41th/CVE-2024-45771githubgithub.com/Sysc4ll3r/CVE-2024-45771githubgithub.com/0XFFFF-XD/CVE-2024-4577-PHP-CGI-RCE1githubgithub.com/taida957789/CVE-2024-45771githubgithub.com/Wh02m1/CVE-2024-45771githubgithub.com/ywChen-NTUST/PHP-CGI-RCE-Scanner1githubgithub.com/PhinehasNarh/CVE-2024-4577-LetsDefend-walkthrough1githubgithub.com/r0otk3r/CVE-2024-45770githubgithub.com/mananjain61/PHP-CGI-INTERNAL-RCE0githubgithub.com/Skycritch/CVE-2024-45770githubgithub.com/Ianthinus/CVE-2024-45770githubgithub.com/InfoSec-DB/PHPCGIScanner0githubgithub.com/a1ex-var1amov/ctf-cve-2024-45770githubgithub.com/rayngnpc/CVE-2024-4577-rayng0githubgithub.com/Gill-Singh-A/CVE-2024-4577-Exploit0githubgithub.com/graphite-org/CVE-2024-45770githubgithub.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP0githubgithub.com/dbyMelina/CVE-2024-45770githubgithub.com/bl4cksku11/CVE-2024-45770githubgithub.com/Entropt/CVE-2024-4577_Analysis0githubgithub.com/jakabakos/CVE-2024-4577-PHP-CGI-argument-injection-RCE0githubgithub.com/olebris/CVE-2024-45770githubgithub.com/charis3306/CVE-2024-45770githubgithub.com/zjhzjhhh/CVE-2024-45770githubgithub.com/gmh5225/CVE-2024-4577-PHP-RCE0githubgithub.com/a-roshbaik/CVE-2024-45770githubgithub.com/a-roshbaik/CVE-2024-4577-PHP-RCE0githubgithub.com/Jcccccx/CVE-2024-45770githubgithub.com/bughuntar/CVE-2024-45770githubgithub.com/princew88/CVE-2024-45770githubgithub.com/AhmedMansour93/Event-ID-268-Rule-Name-SOC292-Possible-PHP-Injection-Detected-CVE-2024-4577-0githubgithub.com/ahmetramazank/CVE-2024-45770githubgithub.com/tpdlshdmlrkfmcla/php-cgi-cve-2024-45770githubgithub.com/Didarul342/CVE-2024-45770githubgithub.com/Ra1n-60W/CVE-2024-45770githubgithub.com/wilss0n/CVE-2024-45770githubgithub.com/tntrock/CVE-2024-4577_PowerShell0githubgithub.com/KimJuhyeong95/cve-2024-45770exploitdbwww.exploit-db.com/exploits/52331não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.htmlhttps://blog.talosintelligence.com/new-persistent-attacks-japan/https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediatelyhttps://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/https://github.com/11whoami99/CVE-2024-4577https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jvhttps://github.com/rapid7/metasploit-framework/pull/19247https://github.com/watchtowrlabs/CVE-2024-4577https://github.com/xcanwin/CVE-2024-4577-PHP-RCEhttps://isc.sans.edu/diary/30994https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/