Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-4577

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.944
EPSS Ranking 100.0%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
Ransomware Campaign
Known
References
Products affected by CVE-2024-4577
  • Php » Php » Version: 8.1.0
    cpe:2.3:a:php:php:8.1.0
  • Php » Php » Version: 8.1.1
    cpe:2.3:a:php:php:8.1.1
  • Php » Php » Version: 8.1.10
    cpe:2.3:a:php:php:8.1.10
  • Php » Php » Version: 8.1.12
    cpe:2.3:a:php:php:8.1.12
  • Php » Php » Version: 8.1.13
    cpe:2.3:a:php:php:8.1.13
  • Php » Php » Version: 8.1.14
    cpe:2.3:a:php:php:8.1.14
  • Php » Php » Version: 8.1.15
    cpe:2.3:a:php:php:8.1.15
  • Php » Php » Version: 8.1.16
    cpe:2.3:a:php:php:8.1.16
  • Php » Php » Version: 8.1.17
    cpe:2.3:a:php:php:8.1.17
  • Php » Php » Version: 8.1.18
    cpe:2.3:a:php:php:8.1.18
  • Php » Php » Version: 8.1.19
    cpe:2.3:a:php:php:8.1.19
  • Php » Php » Version: 8.1.2
    cpe:2.3:a:php:php:8.1.2
  • Php » Php » Version: 8.1.20
    cpe:2.3:a:php:php:8.1.20
  • Php » Php » Version: 8.1.21
    cpe:2.3:a:php:php:8.1.21
  • Php » Php » Version: 8.1.22
    cpe:2.3:a:php:php:8.1.22
  • Php » Php » Version: 8.1.23
    cpe:2.3:a:php:php:8.1.23
  • Php » Php » Version: 8.1.24
    cpe:2.3:a:php:php:8.1.24
  • Php » Php » Version: 8.1.25
    cpe:2.3:a:php:php:8.1.25
  • Php » Php » Version: 8.1.26
    cpe:2.3:a:php:php:8.1.26
  • Php » Php » Version: 8.1.27
    cpe:2.3:a:php:php:8.1.27
  • Php » Php » Version: 8.1.28
    cpe:2.3:a:php:php:8.1.28
  • Php » Php » Version: 8.1.3
    cpe:2.3:a:php:php:8.1.3
  • Php » Php » Version: 8.1.4
    cpe:2.3:a:php:php:8.1.4
  • Php » Php » Version: 8.1.5
    cpe:2.3:a:php:php:8.1.5
  • Php » Php » Version: 8.1.6
    cpe:2.3:a:php:php:8.1.6
  • Php » Php » Version: 8.1.7
    cpe:2.3:a:php:php:8.1.7
  • Php » Php » Version: 8.1.8
    cpe:2.3:a:php:php:8.1.8
  • Php » Php » Version: 8.1.9
    cpe:2.3:a:php:php:8.1.9
  • Php » Php » Version: 8.2.0
    cpe:2.3:a:php:php:8.2.0
  • Php » Php » Version: 8.2.1
    cpe:2.3:a:php:php:8.2.1
  • Php » Php » Version: 8.2.10
    cpe:2.3:a:php:php:8.2.10
  • Php » Php » Version: 8.2.11
    cpe:2.3:a:php:php:8.2.11
  • Php » Php » Version: 8.2.12
    cpe:2.3:a:php:php:8.2.12
  • Php » Php » Version: 8.2.13
    cpe:2.3:a:php:php:8.2.13
  • Php » Php » Version: 8.2.14
    cpe:2.3:a:php:php:8.2.14
  • Php » Php » Version: 8.2.15
    cpe:2.3:a:php:php:8.2.15
  • Php » Php » Version: 8.2.16
    cpe:2.3:a:php:php:8.2.16
  • Php » Php » Version: 8.2.17
    cpe:2.3:a:php:php:8.2.17
  • Php » Php » Version: 8.2.18
    cpe:2.3:a:php:php:8.2.18
  • Php » Php » Version: 8.2.19
    cpe:2.3:a:php:php:8.2.19
  • Php » Php » Version: 8.2.2
    cpe:2.3:a:php:php:8.2.2
  • Php » Php » Version: 8.2.3
    cpe:2.3:a:php:php:8.2.3
  • Php » Php » Version: 8.2.4
    cpe:2.3:a:php:php:8.2.4
  • Php » Php » Version: 8.2.5
    cpe:2.3:a:php:php:8.2.5
  • Php » Php » Version: 8.2.6
    cpe:2.3:a:php:php:8.2.6
  • Php » Php » Version: 8.2.7
    cpe:2.3:a:php:php:8.2.7
  • Php » Php » Version: 8.2.8
    cpe:2.3:a:php:php:8.2.8
  • Php » Php » Version: 8.2.9
    cpe:2.3:a:php:php:8.2.9
  • Php » Php » Version: 8.3.0
    cpe:2.3:a:php:php:8.3.0
  • Php » Php » Version: 8.3.1
    cpe:2.3:a:php:php:8.3.1
  • Php » Php » Version: 8.3.2
    cpe:2.3:a:php:php:8.3.2
  • Php » Php » Version: 8.3.3
    cpe:2.3:a:php:php:8.3.3
  • Php » Php » Version: 8.3.4
    cpe:2.3:a:php:php:8.3.4
  • Php » Php » Version: 8.3.5
    cpe:2.3:a:php:php:8.3.5
  • Php » Php » Version: 8.3.6
    cpe:2.3:a:php:php:8.3.6
  • Php » Php » Version: 8.3.7
    cpe:2.3:a:php:php:8.3.7
  • Fedoraproject » Fedora » Version: 39
    cpe:2.3:o:fedoraproject:fedora:39
  • Fedoraproject » Fedora » Version: 40
    cpe:2.3:o:fedoraproject:fedora:40
  • Microsoft » Windows » Version: N/A
    cpe:2.3:o:microsoft:windows:-


Products
Pricing
Contact Us

Shodan ® - All rights reserved