CVE-2024-4577: PHP-CGI Argument Injection Vulnerability (PoC Available)

9 months ago
June 10, 2024
1 comment
278 views

Forum|alt.badge.img

+7

dips
Veeam Legend
808 comments

Hi Folks,

PHP has a Remote Code Execution Vulnerability that has been rated as 9.8 on CVSSv3 which is pretty much a ‘PATCH NOW’ vulnerability.

Versions affected:

8.1.28 and below
8.2.19 and below
8.3.7 and below

More here:

https://www.tenable.com/blog/cve-2024-4577-proof-of-concept-available-for-php-cgi-argument-injection-vulnerability

Latest Versions - Release notes:

8.1.29 - https://www.php.net/ChangeLog-8.php#8.1.29
8.2.20 - https://www.php.net/ChangeLog-8.php#8.2.20
8.3.8 - https://www.php.net/ChangeLog-8.php#8.3.8

Forum|alt.badge.img

+21

Chris.Childerhose
Veeam Legend, Veeam Vanguard
8492 comments
9 months ago
June 10, 2024

Thanks for sharing this Dips. Glad I have a good hosting provider for my blog that updates regularly for me. Hopefully it does not become too bad.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Comment

Rich Text Editor, editor1