Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-x2s3-ku1g-gfgh
Summary Multiple vulnerabilities have been discovered in PHP, the worst of which can lead to a denial of service.
Aliases
0
alias CVE-2024-4577
Fixed_packages
0
url pkg:apk/alpine/php81@8.1.29-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
1
url pkg:apk/alpine/php81@8.1.29-r0?arch=armhf&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=armhf&distroversion=v3.19&reponame=community
2
url pkg:apk/alpine/php81@8.1.29-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=armv7&distroversion=v3.19&reponame=community
3
url pkg:apk/alpine/php81@8.1.29-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community
4
url pkg:apk/alpine/php81@8.1.29-r0?arch=s390x&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=s390x&distroversion=v3.19&reponame=community
5
url pkg:apk/alpine/php81@8.1.29-r0?arch=x86&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=x86&distroversion=v3.19&reponame=community
6
url pkg:apk/alpine/php81@8.1.29-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php81@8.1.29-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php81@8.1.29-r0%3Farch=x86_64&distroversion=v3.19&reponame=community
7
url pkg:apk/alpine/php82@8.2.20-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
8
url pkg:apk/alpine/php82@8.2.20-r0?arch=armhf&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=armhf&distroversion=v3.19&reponame=community
9
url pkg:apk/alpine/php82@8.2.20-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=armv7&distroversion=v3.19&reponame=community
10
url pkg:apk/alpine/php82@8.2.20-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community
11
url pkg:apk/alpine/php82@8.2.20-r0?arch=s390x&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=s390x&distroversion=v3.19&reponame=community
12
url pkg:apk/alpine/php82@8.2.20-r0?arch=x86&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=x86&distroversion=v3.19&reponame=community
13
url pkg:apk/alpine/php82@8.2.20-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php82@8.2.20-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php82@8.2.20-r0%3Farch=x86_64&distroversion=v3.19&reponame=community
14
url pkg:apk/alpine/php83@8.3.8-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=aarch64&distroversion=v3.19&reponame=community
15
url pkg:apk/alpine/php83@8.3.8-r0?arch=armhf&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=armhf&distroversion=v3.19&reponame=community
16
url pkg:apk/alpine/php83@8.3.8-r0?arch=armv7&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=armv7&distroversion=v3.19&reponame=community
17
url pkg:apk/alpine/php83@8.3.8-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community
18
url pkg:apk/alpine/php83@8.3.8-r0?arch=s390x&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=s390x&distroversion=v3.19&reponame=community
19
url pkg:apk/alpine/php83@8.3.8-r0?arch=x86&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=x86&distroversion=v3.19&reponame=community
20
url pkg:apk/alpine/php83@8.3.8-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl pkg:apk/alpine/php83@8.3.8-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/php83@8.3.8-r0%3Farch=x86_64&distroversion=v3.19&reponame=community
21
url pkg:deb/debian/php7.4@0?distro=bullseye
purl pkg:deb/debian/php7.4@0?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@0%3Fdistro=bullseye
22
url pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
purl pkg:deb/debian/php7.4@7.4.33-1%2Bdeb11u5?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php7.4@7.4.33-1%252Bdeb11u5%3Fdistro=bullseye
23
url pkg:deb/debian/php8.2@0?distro=bookworm
purl pkg:deb/debian/php8.2@0?distro=bookworm
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@0%3Fdistro=bookworm
24
url pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
purl pkg:deb/debian/php8.2@8.2.29-1~deb12u1?distro=bookworm
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/php8.2@8.2.29-1~deb12u1%3Fdistro=bookworm
25
url pkg:ebuild/dev-lang/php@8.1
purl pkg:ebuild/dev-lang/php@8.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.1
26
url pkg:ebuild/dev-lang/php@8.1.29
purl pkg:ebuild/dev-lang/php@8.1.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.1.29
27
url pkg:ebuild/dev-lang/php@8.2.20
purl pkg:ebuild/dev-lang/php@8.2.20
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.2.20
28
url pkg:ebuild/dev-lang/php@8.3.8
purl pkg:ebuild/dev-lang/php@8.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@8.3.8
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-4577.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4577
reference_id
reference_type
scores
0
value 0.94374
scoring_system epss
scoring_elements 0.99967
published_at 2026-05-14T12:55:00Z
1
value 0.94374
scoring_system epss
scoring_elements 0.99966
published_at 2026-04-18T12:55:00Z
2
value 0.94393
scoring_system epss
scoring_elements 0.99973
published_at 2026-04-29T12:55:00Z
3
value 0.94393
scoring_system epss
scoring_elements 0.99972
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4577
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url http://www.openwall.com/lists/oss-security/2024/06/07/1
reference_id 1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url http://www.openwall.com/lists/oss-security/2024/06/07/1
4
reference_url https://github.com/rapid7/metasploit-framework/pull/19247
reference_id 19247
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://github.com/rapid7/metasploit-framework/pull/19247
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2291281
reference_id 2291281
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2291281
6
reference_url https://isc.sans.edu/diary/30994
reference_id 30994
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://isc.sans.edu/diary/30994
7
reference_url https://www.php.net/ChangeLog-8.php#8.1.29
reference_id ChangeLog-8.php#8.1.29
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://www.php.net/ChangeLog-8.php#8.1.29
8
reference_url https://www.php.net/ChangeLog-8.php#8.2.20
reference_id ChangeLog-8.php#8.2.20
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://www.php.net/ChangeLog-8.php#8.2.20
9
reference_url https://www.php.net/ChangeLog-8.php#8.3.8
reference_id ChangeLog-8.php#8.3.8
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://www.php.net/ChangeLog-8.php#8.3.8
10
reference_url https://github.com/11whoami99/CVE-2024-4577
reference_id CVE-2024-4577
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://github.com/11whoami99/CVE-2024-4577
11
reference_url https://github.com/watchtowrlabs/CVE-2024-4577
reference_id CVE-2024-4577
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://github.com/watchtowrlabs/CVE-2024-4577
12
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py
reference_id CVE-2024-4577
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/52331.py
13
reference_url https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
reference_id CVE-2024-4577-PHP-RCE
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
14
reference_url https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
reference_id cve-2024-4577-yet-another-php-rce.html
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
15
reference_url https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
reference_id GHSA-3qgc-jrrr-25jv
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
16
reference_url https://security.gentoo.org/glsa/202408-32
reference_id GLSA-202408-32
reference_type
scores
url https://security.gentoo.org/glsa/202408-32
17
reference_url https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
reference_id imperva-protects-against-critical-php-vulnerability-cve-2024-4577
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
18
reference_url https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
reference_id no-way-php-strikes-again-cve-2024-4577
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
19
reference_url https://security.netapp.com/advisory/ntap-20240621-0008/
reference_id ntap-20240621-0008
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://security.netapp.com/advisory/ntap-20240621-0008/
20
reference_url https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
reference_id php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
reference_id PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
22
reference_url https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
reference_id security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
reference_id W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
24
reference_url https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
reference_id warning-php-remote-code-execution-patch-immediately
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Act
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-06-15T03:55:28Z/
url https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
Weaknesses
0
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Exploits
0
date_added null
description
This module exploits a PHP CGI argument injection vulnerability affecting PHP in certain configurations
on a Windows target. A vulnerable configuration is locale dependent (such as Chinese or Japanese), such that
the Unicode best-fit conversion scheme will unexpectedly convert a soft hyphen (0xAD) into a dash (0x2D)
character. Additionally, a target web server must be configured to run PHP under CGI mode, or directly expose
the PHP binary. This issue has been fixed in PHP 8.3.8 (for the 8.3.x branch), 8.2.20 (for the 8.2.x branch),
and 8.1.29 (for the 8.1.x branch). PHP 8.0.x and below are end of life and have not received patches.

XAMPP is vulnerable in a default configuration, and we can target the /php-cgi/php-cgi.exe endpoint. To target
an explicit .php endpoint (e.g. /index.php), the server must be configured to run PHP scripts in CGI mode.
required_action null
due_date null
notes
Stability:
  - crash-safe
Reliability:
  - repeatable-session
SideEffects:
  - ioc-in-logs
known_ransomware_campaign_use false
source_date_published 2024-06-06
exploit_type null
platform PHP,Windows
source_date_updated null
data_source Metasploit
source_url https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/windows/http/php_cgi_arg_injection_rce_cve_2024_4577.rb
1
date_added 2024-06-12
description PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
required_action Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
due_date 2024-07-03
notes This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail/CVE-2024-4577
known_ransomware_campaign_use true
source_date_published null
exploit_type null
platform null
source_date_updated null
data_source KEV
source_url null
2
date_added 2025-06-15
description PHP CGI Module 8.3.4 - Remote Code Execution (RCE)
required_action null
due_date null
notes null
known_ransomware_campaign_use false
source_date_published 2025-06-15
exploit_type webapps
platform php
source_date_updated 2025-06-15
data_source Exploit-DB
source_url
Severity_range_score 9.8 - 9.8
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2s3-ku1g-gfgh