Hi there.
I would like to implement a plugin to detect a PHP-CGI RCE (CVE-2024-4577) affecting deployments of PHP that use Apache and that run on Windows, such as when using XAMPP, a popular platform for PHP development.
Specifically, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages (such as the Japanese locale), Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, allowing them to achieve RCE.
This vulnerability affects the following versions of PHP installed on the Windows operating system:
References:
https://nvd.nist.gov/vuln/detail/cve-2024-4577
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
https://github.com/watchtowrlabs/CVE-2024-4577
Thanks.
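A log-side check that complements the requested plugin, as an added example that is not part of the original issue or of any project code: it flags requests whose query string would be handed to php-cgi as command-line arguments and begins with a character that Best-Fit turns into `-`. It assumes Apache common/combined log format and that the substituted character is the soft hyphen (byte 0xAD, `%AD` when URL-encoded), a detail the issue text itself does not state; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Request line inside an Apache common/combined log entry.
REQUEST_RE = re.compile(r'"(?:[A-Z]+) (\S+) HTTP/[0-9.]+"')
SOFT_HYPHEN = 0xAD  # assumption: the byte that Windows Best-Fit maps to "-"


def is_suspicious_query(raw_query: str) -> bool:
    """True if the query can reach php-cgi as arguments and starts with 0xAD."""
    # A query with an unencoded "=" is treated as form data, not a command line.
    if not raw_query or "=" in raw_query:
        return False
    decoded = unquote_to_bytes(raw_query.replace("+", " "))
    # Leading whitespace is ignored when the first argument is inspected.
    return decoded.lstrip(b" \t\r\n")[:1] == bytes([SOFT_HYPHEN])


def scan(lines):
    """Return (line_number, request_target) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = match.group(1)
        _, sep, query = target.partition("?")
        if sep and is_suspicious_query(query):
            hits.append((number, target))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2024:10:00:01 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Jun/2024:10:00:02 +0000] "GET /index.php?%ADh HTTP/1.1" 200 900',
    '192.0.2.11 - - [10/Jun/2024:10:00:03 +0000] "GET /search.php?q=%ADfoo HTTP/1.1" 200 300',
    '198.51.100.7 - - [10/Jun/2024:10:00:04 +0000] "GET /index.php?+%adh HTTP/1.1" 200 900',
    '192.0.2.12 - - [10/Jun/2024:10:00:05 +0000] "GET /index.php?caf%C3%A9 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: possible CVE-2024-4577 probe: {target}")
```

A hit shows that someone sent a request shaped for this bug, not that the host is vulnerable; confirm against the PHP version, the web server's CGI configuration and the Windows code page.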