CVE-2024-4577: PHP CGI Argument Injection

Score: 9.8
CRITICAL
Published: 2024-06-06Affected: PHP CGI on Windows (all versions before 8.3.8)CWE-78 β†—

What is CVE-2024-4577?

An argument injection vulnerability in PHP CGI on Windows that bypasses the CVE-2012-1823 protection. Attackers can use specific Unicode character encoding to inject arguments into PHP CGI, leading to remote code execution.

Impact & Exploitation

Exploited in the wild within 24 hours. Affects all unpatched PHP installations using CGI mode on Windows β€” a common configuration in legacy enterprise applications.

Related Resources

πŸ” Related CWE Entries

πŸ“‹ OWASP Top 10

πŸ“– Security Guides

πŸ›‘οΈ Notable Vulnerabilities

πŸ”— External References

Precogs Logo

Precogs Research

This vulnerability intelligence report was analyzed and enriched by the Precogs AI Security Team. Our researchers continuously monitor emerging threats across AI code, LLM pipelines, and binary architectures to ensure accurate real-time remediation guidance.

Base Score

CVSS9.8
SeverityCRITICAL
CWECWE-78
Published2024-06-06

Tags

phprcewindowscgi

Quick Links

Is your system affected?

Precogs AI detects PHP CGI Argument Injection in compiled binaries and firmware β€” even without source code.

Request Deep Analysis

Is Your System Still Exposed to Critical CVEs?

Vulnerabilities like CVE-2024-4577 PHP CGI Argument Injection don’t just exist in source code β€” they persist in compiled binaries, containers, and embedded systems. Precogs AI detects vulnerable components across your entire stack β€” even when source code isn’t available.

Request Deep AnalysisBook a demo