Cybersecurity Researchers Uncover New PHP Vulnerability
Cybersecurity researchers have recently identified a new vulnerability in PHP that could potentially allow hackers to execute malicious code remotely. Known as CVE-2024-4577, this vulnerability is classified as a CGI argument injection vulnerability.
As of now, the severity of this vulnerability has not been determined. However, it has been confirmed that it impacts all versions of PHP running on the Windows operating system. Interestingly, this vulnerability was inadvertently introduced while attempting to address a separate flaw.
The Hacker News and the Shadowserver Foundation have reported instances of hackers actively scanning endpoints for this vulnerability. The Shadowserver Foundation issued a warning stating, “Attention! We see multiple IPs testing PHP/PHP-CGI CVE-2024-4577 against our honeypot sensors starting today, June 7th. Vulnerability affects PHP running on Windows.”
DEVCORE has also highlighted that XAMPP installations on Windows are particularly vulnerable when configured to use Traditional Chinese, Simplified Chinese, or Japanese locales. To mitigate the risk, administrators are advised to replace outdated PHP CGI with more secure alternatives like Mod-PHP, FastCGI, or PHP-FPM.
Describing the vulnerability as deceptively simple yet intriguing, the researchers remarked, “Who would have imagined that a patch considered secure for over a decade could be circumvented due to a minor Windows feature?”
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
More from TechRadar Pro