A new critical security flaw impacting PHP has been discovered, which could potentially be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, is a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the flaw allows unauthenticated attackers to bypass the previous protection of CVE-2012-1823 by specific character sequences. This means that arbitrary code can be executed on remote PHP servers through the argument injection attack.
The vulnerability was responsibly disclosed on May 7, 2024, and a fix has been made available in PHP versions 8.3.8, 8.2.20, and 8.1.29.
DEVCORE has warned that all XAMPP installations on Windows are vulnerable by default when configured to use the locales for Traditional Chinese, Simplified Chinese, or Japanese. The Taiwanese company is also recommending that administrators move away from the outdated PHP CGI altogether and opt for a more secure solution such as Mod-PHP, FastCGI, or PHP-FPM.
“This vulnerability is incredibly simple, but that’s also what makes it interesting,” said security researcher Orange Tsai. “Who would have thought that a patch, which has been reviewed and proven secure for the past 12 years, could be bypassed due to a minor Windows feature?”
The Shadowserver Foundation has already detected exploitation attempts involving the flaw against its honeypot servers within 24 hours of public disclosure. Furthermore, watchTowr Labs was able to devise an exploit for CVE-2024-4577 and achieve remote code execution, making it imperative that users move quickly to apply the latest patches.
Attention! We see multiple IPs testing PHP/PHP-CGI CVE-2024-4577 (Argument Injection Vulnerability) against our honeypot sensors starting today, June 7th. Vulnerability affects PHP running on Windows.
Patches released June 6th: https://t.co/jM5HgGUZJF
Exploit PoC is public.
— The Shadowserver Foundation (@Shadowserver) June 7, 2024
“A nasty bug with a very simple exploit,” said security researcher Aliz Hammond. “Those running in an affected configuration under one of the affected locales β Chinese (simplified, or traditional) or Japanese β are urged to do this as fast as humanly possible, as the bug has a high chance of being exploited en-mass due to the low exploit complexity.”
You may also like:- How To Fix the Crowdstrike/BSOD Issue in Microsoft Windows
- MICROSOFT is Down Worldwide – Read Full Story
- Windows Showing Blue Screen Of Death Error? Here’s How You Can Fix It
- A Guide to SQL Operations: Selecting, Inserting, Updating, Deleting, Grouping, Ordering, Joining, and Using UNION
- Top 10 Most Common Software Vulnerabilities
- Essential Log Types for Effective SIEM Deployment
- How to Fix the VMware Workstation Error: “Unable to open kernel device ‘.\VMCIDev\VMX'”
- Top 3 Process Monitoring Tools for Malware Analysis
- CVE-2024-6387 – Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems
- 22 Most Widely Used Testing Tools
This Post Has 2 Comments