{"id":37958,"date":"2025-03-17T11:15:56","date_gmt":"2025-03-17T15:15:56","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/?p=37958"},"modified":"2025-03-17T10:23:17","modified_gmt":"2025-03-17T15:23:17","slug":"php-cgi-vulnerability-cve-2024-4577","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/2025\/03\/php-cgi-vulnerability-cve-2024-4577\/","title":{"rendered":"PHP CGI Vulnerability (CVE-2024-4577)"},"content":{"rendered":"
\n
\n
\n

 <\/o:p><\/p>\n

\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n
\n

\"A<\/span><\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

Service <\/span><\/b>Advisory <\/span><\/b><\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

A critical PHP vulnerability (CVE-2024-4577), discovered last year is currently being exploited in the wild. <\/span>A successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and deliver malware including ransomware.

<\/b><\/span>Severity level:<\/span><\/b> 
<\/span><\/b>CVSS Score: 9.8\/Critical

Description<\/b>:
PHP is a widely used open-source scripting language commonly used for web development and commonly used on both Windows and Linux servers. PHP CGI is a method of running PHP scripts through the Common Gateway Interface (CGI) to handle HTTP requests and generate dynamic web content. This vulnerability affects PHP installations on the Windows operating system, which either run PHP under CGI mode or expose the PHP binary.
<\/span>
Affected Versions<\/b><\/span>:<\/span><\/b><\/o:p><\/span><\/p>\n

PHP 8.3 versions earlier than 8.3.8<\/o:p><\/span><\/p>\n

PHP 8.2 versions earlier than 8.2.20<\/o:p><\/span><\/p>\n

PHP 8.1 versions earlier than 8.1.29

Impact:
<\/b><\/span>This Vulnerability if exploited could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.
<\/span>
Resolution:
<\/span><\/b>Upgrade to the latest version.
<\/span>
Reference:<\/span><\/b><\/o:p><\/span><\/p>\n

https:\/\/www.cvedetails.com\/cve\/CVE-2024-4577\/<\/span><\/a><\/span><\/o:p><\/span><\/p>\n

www.cyber.gc.ca\/en\/alerts-advisories\/al25-001-mass-exploitation-critical-php-cgi-vulnerability-cve-2024-4577<\/a><\/span>https:\/\/www.bleepingcomputer.com\/news\/security\/critical-php-rce-vulnerability-mass-exploited-in-new-attacks\/<\/span><\/a><\/o:p><\/span><\/p>\n

https:\/\/www.php.net\/downloads.php<\/span><\/a><\/o:p><\/span><\/p>\n

https:\/\/www.securityweek.com\/mass-exploitation-of-critical-php-vulnerability-begins\/<\/span><\/a><\/span><\/o:p><\/span><\/p>\n

https:\/\/www.bitsight.com\/blog\/cve-2024-4577-windows-encoding-gone-wrong<\/span><\/a><\/o:p><\/span><\/span><\/p>\n

<\/p>\n

<\/span>UIT Information Security<\/span><\/p>\n

<\/span><\/o:p><\/span><\/p>\n

Contact<\/o:p><\/span><\/b><\/p>\n

IT Client Services at askIT@yorku.ca<\/a><\/a> or 416 736 5800 <\/o:p><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n\n
\n

 <\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n

PRIVACY POLICY<\/span><\/a><\/span> | <\/span>VISIT WWW.YORKU.CA<\/span><\/a>
This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3<\/b> <\/span><\/o:p><\/span><\/p>\n

This email is viewed best in Microsoft Outlook for web <\/span><\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/o:p><\/span><\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Service Advisory    A critical PHP vulnerability (CVE-2024-4577), discovered last year is currently being exploited in the wild. A successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and deliver malware including ransomware. Severity level:  CVSS Score: 9.8\/Critical […]<\/p>\n","protected":false},"author":212,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"categories":[29],"tags":[],"class_list":["post-37958","post","type-post","status-publish","format-standard","hentry","category-news"],"taxonomy_info":{"category":[{"value":29,"label":"News"}]},"featured_image_src_large":false,"author_info":{"display_name":"aalaily","author_link":"https:\/\/www.yorku.ca\/uit\/author\/aalaily\/"},"comment_info":"","category_info":[{"term_id":29,"name":"News","slug":"news","term_group":0,"term_taxonomy_id":3,"taxonomy":"category","description":"","parent":0,"count":485,"filter":"raw","cat_ID":29,"category_count":485,"category_description":"","cat_name":"News","category_nicename":"news","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/37958","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/users\/212"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/comments?post=37958"}],"version-history":[{"count":0,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/37958\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/media?parent=37958"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/categories?post=37958"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/tags?post=37958"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}