Actively exploited vulnerability

CVE-2024-4577: PHP-CGI OS Command Injection Vulnerability

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

CISA KEV source 12 Jun 2024 added 3 Jul 2024 remediation due

Affected product

PHP Group · PHP

Known ransomware use: Known

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2024-4577.