CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability | allinfosecnews.com

June 7, 2024, 5:18 p.m. | Scott Caveza

Cyber Exposure Alerts www.tenable.com

Researchers disclose a critical severity vulnerability affecting PHP installations and provide proof-of-concept exploit code, which could lead to remote code execution.

Background

On June 6, maintainers of PHP released updates to address a critical vulnerability affecting installations where PHP is used in CGI mode. As part of a coordinated release, researchers at DEVCORE published a blog post with their analysis of the vulnerability and its impact.

CVEDescriptionCVSSv3CVE-2024-4577PHP-CGI Argument Injection Vulnerability9.8

Analysis

CVE-2024-4577 is a critical argument injection …

More from www.tenable.com / Cyber Exposure Alerts

CVE-2024-5806: Progress MOVEit Transfer Authentication Bypass Vulnerability 3 days, 18 hours ago | www.tenable.com

advisory authentication authentication bypass bypass +27

CVE-2024-28995: SolarWinds Serv-U Path/Directory Traversal Vulnerability Exploited in the Wild 1 week ago | www.tenable.com

advisory automated concept cve +33

Microsoft’s June 2024 Patch Tuesday Addresses 49 CVEs 2 weeks, 3 days ago | www.tenable.com

CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability 3 weeks ago | www.tenable.com

Rockwell Automation: Disconnect OT Devices with Public-Facing Internet Access, Patch or Mitigate Logix, FactoryTalk CVEs 3 weeks, 2 days ago | www.tenable.com

access advisory automation best practices +22

CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server 3 weeks, 4 days ago | www.tenable.com

These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action … 3 weeks, 5 days ago | www.tenable.com

abusing action attention azure +16

CVE-2024-24919: Check Point Security Gateway Information Disclosure Zero-Day Exploited in the Wild 4 weeks, 2 days ago | www.tenable.com

Microsoft’s May 2024 Patch Tuesday Addresses 59 CVEs (CVE-2024-30051, CVE-2024-30040) 1 month, 2 weeks ago | www.tenable.com

addresses critical critical vulnerability cve +15

Watch Officer and Operations Officer

@ Interclypse | Arlington, VA, US

View on infosec-jobs.com

Sales Development Representative

@ Devo | United States

View on infosec-jobs.com

Principal Software Engineer

@ Oracle | Seattle, WA, United States

View on infosec-jobs.com

Engineering Manager, Cloud - TDIR (Remote)

@ CrowdStrike | USA CA Remote

View on infosec-jobs.com

Linux System Administrator II

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com

Linux System Administrator

@ Peraton | Fort Meade, MD, United States

View on infosec-jobs.com