CVE-2024-4577β€”PHP-CGI OS Command Injection Vulnerability

PUBLISHEDvulnerability record
2024-06-12 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2024-4577
Project:
PHP Group
Product:
PHP
Date Added:
2024-06-12
Due Date:
2024-07-03
Last Updated:
June 21, 2025

Vulnerability Name

PHP-CGI OS Command Injection Vulnerability

Description

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

Related News Articles

Related Weaknesses