THREATOPS
THREAT OPSCVEs › CVE-2024-4577

CVE-2024-4577 — PHP-CGI OS Command Injection Vulnerability

CISA KEVExploited: confirmedPHP Group

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Vulnerability details