CVE-2024-4577: PHP CGI Argument Injection

Q: What is CVE-2024-4577?

CVE-2024-4577 is a critical RCE in PHP CGI on Windows that bypasses a 12-year-old patch using Unicode encoding tricks. Exploited within 24 hours of disclosure.

CRITICAL

9.8CRITICAL

Published: 2024-06-06Affected: PHP CGI on Windows (all versions before 8.3.8)CWE-78 ↗

What is CVE-2024-4577?

An argument injection vulnerability in PHP CGI on Windows that bypasses the CVE-2012-1823 protection. Attackers can use specific Unicode character encoding to inject arguments into PHP CGI, leading to remote code execution.

Impact & Exploitation

Exploited in the wild within 24 hours. Affects all unpatched PHP installations using CGI mode on Windows — a common configuration in legacy enterprise applications.

How Precogs AI Detects PHP CGI Argument Injection

Precogs AI Binary DAST detects PHP CGI argument injection during runtime testing of compiled PHP applications on Windows, including legacy deployments.

Scan for CVE-2024-4577

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

CVE-2024-4577: PHP CGI Argument Injection

What is CVE-2024-4577?

Impact & Exploitation

How Precogs AI Detects PHP CGI Argument Injection

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?

What is CVE-2024-4577?

Impact & Exploitation

How Precogs AI Detects PHP CGI Argument Injection

Related Resources

🔍 Related CWE Entries

📋 OWASP Top 10

📖 Security Guides

🛡️ Notable Vulnerabilities

🔗 External References

Precogs Research

Base Score

Tags

Quick Links

Is your system affected?