CVE-2024-4577: PHP-CGI Argument Injection Vulnerability (PoC Available)

Forum|Forum|1 year ago
June 10, 2024
1 comment
344 views

Forum|alt.badge.img

+7

dips
On the path to Greatness

Hi Folks,

PHP has a Remote Code Execution Vulnerability that has been rated as 9.8 on CVSSv3 which is pretty much a ‘PATCH NOW’ vulnerability.

Versions affected:

8.1.28 and below
8.2.19 and below
8.3.7 and below

More here:

https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability

Latest Versions - Release notes:

8.1.29 - https://www.php.net/ChangeLog-8.php#8.1.29
8.2.20 - https://www.php.net/ChangeLog-8.php#8.2.20
8.3.8 - https://www.php.net/ChangeLog-8.php#8.3.8

Forum|alt.badge.img

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
Forum|Forum|1 year ago
June 10, 2024

Thanks for sharing this Dips. Glad I have a good hosting provider for my blog that updates regularly for me. Hopefully it does not become too bad.

Chris Childerhose (Enterprise Architect) - VMCA | VMCE | VMCE-SP | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 7* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Like