mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-06 02:31:38 +00:00
CVE-2024-4577
Description
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
POC
Reference
- https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/
- https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately
- https://github.com/11whoami99/CVE-2024-4577
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://isc.sans.edu/diary/30994
- https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/
Github
- https://github.com/0x20c/CVE-2024-4577-nuclei
- https://github.com/0xMarcio/cve
- https://github.com/0xsyr0/OSCP
- https://github.com/11whoami99/CVE-2024-4577
- https://github.com/Chocapikk/CVE-2024-4577
- https://github.com/DeePingXian/DPX_Discord_Bot
- https://github.com/GhostTroops/TOP
- https://github.com/Junp0/CVE-2024-4577
- https://github.com/K3ysTr0K3R/CVE-2024-4577-EXPLOIT
- https://github.com/K3ysTr0K3R/K3ysTr0K3R
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Ostorlab/KEV
- https://github.com/Sh0ckFR/CVE-2024-4577
- https://github.com/Sysc4ll3r/CVE-2024-4577
- https://github.com/TAM-K592/CVE-2024-4577
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/WanLiChangChengWanLiChang/CVE-2024-4577-RCE-EXP
- https://github.com/Wh02m1/CVE-2024-4577
- https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE
- https://github.com/Yukiioz/CVE-2024-4577
- https://github.com/ZephrFish/CVE-2024-4577-PHP-RCE
- https://github.com/aaddmin1122345/CVE-2024-4577-POC
- https://github.com/bl4cksku11/CVE-2024-4577
- https://github.com/charis3306/CVE-2024-4577
- https://github.com/dbyMelina/CVE-2024-4577
- https://github.com/enomothem/PenTestNote
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/fliggyaa/fscanpoc
- https://github.com/gotr00t0day/CVE-2024-4577
- https://github.com/huseyinstif/CVE-2024-4577-Nuclei-Template
- https://github.com/it-t4mpan/check_cve_2024_4577.sh
- https://github.com/manuelinfosec/CVE-2024-4577
- https://github.com/nitish778191/fitness_app
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ohhhh693/CVE-2024-4577
- https://github.com/onewinner/POCS
- https://github.com/peiqiF4ck/WebFrameworkTools-5.1-main
- https://github.com/princew88/CVE-2024-4577
- https://github.com/taida957789/CVE-2024-4577
- https://github.com/tanjiti/sec_profile
- https://github.com/teamdArk5/Sword
- https://github.com/trganda/starrlist
- https://github.com/vwilzz/PHP-RCE-4577
- https://github.com/watchtowrlabs/CVE-2024-4577
- https://github.com/wjlin0/poc-doc
- https://github.com/wy876/POC
- https://github.com/wy876/wiki
- https://github.com/xcanwin/CVE-2024-4577-PHP-RCE
- https://github.com/zomasec/CVE-2024-4577