{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-4577", "ASSIGNER": "security@php.net", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "In PHP versions\u00a08.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use \"Best-Fit\" behavior to replace characters in command line given to\u00a0Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "cweId": "CWE-78" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "PHP Group", "product": { "product_data": [ { "product_name": "PHP", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "versions": [ { "lessThan": "8.1.29", "status": "affected", "version": "8.1.*", "versionType": "semver" }, { "lessThan": "8.2.20", "status": "affected", "version": "8.2.*", "versionType": "semver" }, { "lessThan": "8.3.8", "status": "affected", "version": "8.3.*", "versionType": "semver" } ], "defaultStatus": "affected" } } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv", "refsource": "MISC", "name": "https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv" }, { "url": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html", "refsource": "MISC", "name": "https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html" }, { "url": 
"https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/", "refsource": "MISC", "name": "https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/" }, { "url": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/", "refsource": "MISC", "name": "https://arstechnica.com/security/2024/06/php-vulnerability-allows-attackers-to-run-malicious-code-on-windows-servers/" }, { "url": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/", "refsource": "MISC", "name": "https://www.imperva.com/blog/imperva-protects-against-critical-php-vulnerability-cve-2024-4577/" }, { "url": "https://github.com/11whoami99/CVE-2024-4577", "refsource": "MISC", "name": "https://github.com/11whoami99/CVE-2024-4577" }, { "url": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE", "refsource": "MISC", "name": "https://github.com/xcanwin/CVE-2024-4577-PHP-RCE" }, { "url": "https://github.com/rapid7/metasploit-framework/pull/19247", "refsource": "MISC", "name": "https://github.com/rapid7/metasploit-framework/pull/19247" }, { "url": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/", "refsource": "MISC", "name": "https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/" }, { "url": "https://github.com/watchtowrlabs/CVE-2024-4577", "refsource": "MISC", "name": "https://github.com/watchtowrlabs/CVE-2024-4577" }, { "url": "https://www.php.net/ChangeLog-8.php#8.1.29", "refsource": "MISC", "name": "https://www.php.net/ChangeLog-8.php#8.1.29" }, { "url": "https://www.php.net/ChangeLog-8.php#8.2.20", "refsource": "MISC", "name": "https://www.php.net/ChangeLog-8.php#8.2.20" }, { "url": "https://www.php.net/ChangeLog-8.php#8.3.8", "refsource": "MISC", "name": "https://www.php.net/ChangeLog-8.php#8.3.8" }, { "url": 
"https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately", "refsource": "MISC", "name": "https://cert.be/en/advisory/warning-php-remote-code-execution-patch-immediately" }, { "url": "https://isc.sans.edu/diary/30994", "refsource": "MISC", "name": "https://isc.sans.edu/diary/30994" }, { "url": "http://www.openwall.com/lists/oss-security/2024/06/07/1", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2024/06/07/1" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/", "refsource": "MISC", "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0008/", "refsource": "MISC", "name": "https://security.netapp.com/advisory/ntap-20240621-0008/" } ] }, "generator": { "engine": "Vulnogram 0.2.0" }, "source": { "advisory": "GHSA-3qgc-jrrr-25jv", "discovery": "EXTERNAL" }, "configuration": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \"Best Fit\" strategy is enabled."
 } ], "value": "This problem is only present in Windows versions of PHP running in CGI mode, in systems where a codepage using \"Best Fit\" strategy is enabled." } ], "credits": [ { "lang": "en", "value": "Orange Tsai, DEVCORE Research Team" } ], "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] } }