.. / CVE-2024-4577

Exploit for PHP CGI < 8.3.8, 8.2.20, 8.1.29 - Unauthenticated Remote Code Execution (CVE-2024-4577)

Description:

PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.

Affected Products:

Proof of Concept

PoC exploit

Nuclei Template

View the template here CVE-2024-4577.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-4577.yaml
Copy

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-4577
https://github.com/watchtowrlabs/CVE-2024-4577