CVE-2024-4577
Published Jun 9, 2024
Last updated 4 months ago
- Description: In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
- Source: security@php.net
- NVD status: Analyzed
- Products: php, fedora
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: PHP-CGI OS Command Injection Vulnerability
- Exploit added on: Jun 12, 2024
- Exploit action due: Jul 3, 2024
- Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Hype score: Not currently trending
Heads up, hunters! CVE-2024-4577: Critical RCE in PHP-FPM on Windows (CVSS 9.8). This 'best-fit' bypass means arbitrary code execution via argument injection. Check your PHP-CGI deployments ASAP. Patch or get popped! https://t.co/8aTCLSu3fU
@computerauditor
9 Mar 2026
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HackTheBox - GiveBack 🧩 Vulnerable WordPress plugin - CVE-2024-5932 🔁 Vulnerable CGI-PHP - CVE-2024-4577 🔑 Kubernetes secrets + SSH access 🚀 Abusing runc to escalate privileges https://t.co/F8QTI2T9UZ
@sckull_
21 Feb 2026
85 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Heads up Sysadmins: We just intercepted and neutralized an active "RedTail" crypto-jacking attack on client servers. Exploiting CVE-2024-4577 (PHP-CGI) to deploy miners hidden as fake [kcached] kernel processes. #InfoSec #Linux #AWS #MalwareAlert https://t.co/F6l3qRcXrF
@SURAJSINGH19746
14 Feb 2026
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New case for 🇯🇵 shows, as one hole in PHP turns into a quiet occupation of the entire network: they beat the CVE-2024-4577, pour PowerShell through PHP, raise Cobalt Strike with TaoWu-plugins, disperse Potatoes to SYSTEM, are registered in registry and bags, clean logs, sca
@Hack_Your_Mom
12 Nov 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
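Cybercriminals are exploiting vulnerabilities in PHP and its frameworks to accelerate cryptocurrency mining. In particular, ThinkPHP, PHPUnit, and the recently disclosed CVE-2024-4577 are being targeted, and from August to October 2025 attacks have been rapidly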
@yousukezan
5 Nov 2025
948 Impressions
0 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
26 Oct 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
25 Oct 2025
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📢 Hot off the press: CVE insights! Learn how CVE-2024-4577 lets attackers hijack PHP servers via CGI injection and how to defend using threat intelligence and proactive mitigation. 👉 Dive into the f
@PurpleOps_io
12 Oct 2025
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Using real-world attack data from Akamai's research team, this session will showcase live exploitation demos, explore the impact of vulnerabilities like CVE-2024-4577 (PHP-CGI Argument Injection), & introduce cutting-edge Unicode fuzzing techniques. Tix: https://t.co/m4J2bIg
@BSides_NoVA
24 Sept 2025
169 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
📢 New CVE analysis just dropped! CVE-2024-4577 lets attackers remotely run code on your server - find out if you're vulnerable and how to stop exploitation before it's too late. 👉 Dive into the full a
@PurpleOps_io
21 Sept 2025
72 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
15 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
13 Sept 2025
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
10 Sept 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
9 Sept 2025
58 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
8 Sept 2025
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
6 Sept 2025
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
5 Sept 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
cve-2024-4577 I completely understand it now
@saudade_yuki
30 Aug 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ h
@hire_a_hacker12
11 Aug 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Likely botnet mass exploiting CVE-2024-4577 (PHP Vulnerability) 146.185.182.65 🇳🇱 AS 14061 ( DIGITALOCEAN-ASN ) https://t.co/b5uHvQkwdB
@DefusedCyber
24 Jul 2025
193 Impressions
1 Retweet
4 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ h
@cyberecstasy01
12 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-4577 Scanner & Exploit PoC released! PHP CGI Argument Injection → Remote Code Execution 🔗 GitHub: https://t.co/KUJb77k6oy #infosec #cybersecurity #CVE2024 #rce #bugbounty #poc
@r0otk3r
7 Jul 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-4577
@transilienceai
2 Jul 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ h
@dack_tech__247
21 Jun 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ h
@THEHACKERPRK
14 Jun 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔒🔗 #crypto #snapchatleak #bitcoin💰 #easymoney🌐🌐 #purchasesnaphack🛎️🛎️ #Everyone #recovery🚨 Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access
@SeniorRabe39569
12 Jun 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔒🔗 #crypto #snapchatleak #bitcoin💰 #easymoney🌐🌐 #purchasesnaphack🛎️🛎️ #Everyone #recovery🚨 Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access
@THEHACKERPRK
9 Jun 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔒🔗 #crypto #snapchatleak #bitcoin💰 #easymoney🌐🌐 #purchasesnaphack🛎️🛎️ #Everyone #recovery🚨 Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access
@jack_27_7
8 Jun 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 #breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔒🔗 #crypto #snapchatleak #bitcoin💰 #easymoney🌐🌐 #purchasesnaphack🛎️🛎️ #Everyone #recovery🚨 Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access
@techammend
8 Jun 2025
159 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
💥 LockBit ransomware gang hacked Their dark web site was defaced, leaking a MySQL dump with 75 affiliate passwords, chats, BTC addresses, and configs. The breach (via CVE-2024-4577) adds to LockBit’s post-Cronos downfall. https://t.co/r5vn93jjUG #Lockbit #DataLeak #DarkWe
@dCypherIO
8 May 2025
134 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/ojnlvtvYqO
@recoverythreata
23 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/MXIw3413mB
@walletwardenn
22 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/9nERalEnWb
@HACK_PRO1
22 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨#breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔐🔗 #crypto #snapchatleak #bitcoin฿💰#easymoney🌐#purchasesnaphack🛎️🛎️#Everyone #recovery🚨Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access to systems in Japan‼‼‼💼💼 http
@dack_tech_247
21 Apr 2025
64 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/YYycT2w8bw
@HACK_PRO1
21 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/I6yWjIq4mp
@Vectorhackz
19 Apr 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨#breacheyesonly📢📢 #snaphack #buyingcontent #monkeyappgirls🔗🔐🔗 #crypto #snapchatleak #bitcoin฿💰#easymoney🌐#purchasesnaphack🛎️🛎️#Everyone #recovery🚨Cybercriminals are exploiting CVE-2024-4577, a critical PHP flaw, to gain remote access to systems in Japan‼‼‼💼💼 http
@RuskovUnlock
19 Apr 2025
18 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/O6r87kkFWY
@JOE_HACKER1
16 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/toCfLJt4h0
@walletwardenn
16 Apr 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/9H0lc2PQoc
@Resolution_HQ
16 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/SRUdvQNoD8
@THEHACKERPRK
16 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/6K00AQboU8
@THEHACKERPRK
16 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/CDB3TjfZOj
@THEHACKERPRK
16 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/7bCnmBsHry
@ACQUA__TECH
15 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/1pooepxqqm
@xandrai69
14 Apr 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/yukFaVvMIz
@Ghost_hacker001
14 Apr 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/zHnGbJvE0S
@xandrai69
14 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/RgZIVqLft3
@spycyberservice
14 Apr 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#hack #snaphack📢📢📢📢 #buyingcontent #monkeyapp #telegramlink #buysnaphack Pay before service only. $$💵💵💰💰 #snapchatleak Hackers are exploiting CVE-2024-4577 to deploy crypto miners ⛏️ & Quasar RAT on Windows servers‼‼ https://t.co/pJP6LMw2JK
@DCybersentinel
14 Apr 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "7DC2EEF8-834B-42A1-8DA3-0C2CF22A7070",
            "versionEndExcluding": "8.1.29",
            "versionStartIncluding": "8.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "A39988FF-D854-4277-9D66-6911AF371DD3",
            "versionEndExcluding": "8.2.20",
            "versionStartIncluding": "8.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F579FFC1-4F81-4755-B14B-3AA73AC9FF7A",
            "versionEndExcluding": "8.3.8",
            "versionStartIncluding": "8.3.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
            "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
            "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]