A critical vulnerability in PHP, identified as CVE-2024-4577, is being actively exploited, affecting millions of servers running PHP on Windows. The flaw allows remote code execution via CGI argument injection. Patches have been released, and developers are urged to update to PHP versions 8.3.8, 8.2.20, or 8.1.29 immediately. The exploit has been used in ransomware attacks by TellYouThePass.
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers https://t.co/TYujPwb3v9
PHP Vulnerability (CVE-2024-4577) Actively Exploited in TellYouThePass Ransomware Attacks https://t.co/8jpaBmX3zW
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability https://t.co/jbPwhrGZd7
CVE-2024-23692: Unauthenticated RCE Flaw in Rejetto HTTP File Server, PoC Published https://t.co/MSDzUbpXP1
PHP addressed critical RCE flaw potentially impacting millions of servers: https://t.co/EoX67FhFfZ by Security Affairs #infosec #cybersecurity #technology #news
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution https://t.co/IHd61OlfNX
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution: https://t.co/W12VxiD8ma by The Hacker News #infosec #cybersecurity #technology #news
🛑 Attention Developers and SysAdmins! A new PHP flaw (CVE-2024-4577) affects all of its Windows versions, enabling remote code execution via CGI argument injection. Learn more: https://t.co/IuR8qXUrKG Patch is available—update to PHP 8.3.8, 8.2.20, or 8.1.29 immediately.
PHP vulnerability allows attackers to run malicious code on Windows servers https://t.co/FxCYf11mba
PHP fixes critical RCE flaw impacting all versions for Windows https://t.co/fGOlP0H31f
EmailGPT Exposed to Prompt Injection Attacks https://t.co/xmtKvTIzWe
No Way, PHP Strikes Again! (CVE-2024-4577) - watchTowr Labs https://t.co/DrEmjITR18
Attention! We see multiple IPs testing PHP/PHP-CGI CVE-2024-4577 (Argument Injection Vulnerability) against our honeypot sensors starting today, June 7th. Vulnerability affects PHP running on Windows. Patches released June 6th: https://t.co/jM5HgGUZJF Exploit PoC is public.
CVE-2024-4577 - Yet Another PHP RCE: Make PHP-CGI Argument Injection Great Again! https://t.co/idBiX3uU6y
CVE-2024-4577: Critical PHP Vulnerability Exposes Millions of Servers to RCE https://t.co/slgorAvrKf