Dan Goodin on Nostr: Researchers have discovered a critical RCE in PHP for Windows. CVE-2024-4577 allows ...
Researchers have discovered a critical RCE in PHP for Windows. CVE-2024-4577 allows unauthenticated people to bypass the protection for a previously fixed vulnerability (CVE-2012-1823) using specific character sequences. Arbitrary code can be executed on remote PHP servers through the argument injection attack.
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/