PHP CGI Vulnerability (CVE-2024-4577)


Service Advisory 


A critical PHP vulnerability (CVE-2024-4577), discovered last year, is currently being exploited in the wild. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and the delivery of malware, including ransomware.

Severity level: 
CVSS Score: 9.8/Critical

Description:
PHP is a widely used open-source scripting language for web development, deployed on both Windows and Linux servers. PHP CGI is a method of running PHP scripts through the Common Gateway Interface (CGI) to handle HTTP requests and generate dynamic web content. This vulnerability affects PHP installations on the Windows operating system that either run PHP in CGI mode or expose the PHP binary.

Affected Versions:

PHP 8.3 versions earlier than 8.3.8

PHP 8.2 versions earlier than 8.2.20

PHP 8.1 versions earlier than 8.1.29
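To check whether a host's PHP build falls inside the ranges listed above, here is an added helper script; it is not part of this advisory and not PHP project code. It assumes `php-cgi` and/or `php` are on PATH, and it treats any branch not named above as unclassifiable from this advisory alone.

```python
import re
import shutil
import subprocess

# First fixed release per branch, taken from the affected-versions list above.
FIXED = {(8, 3): (8, 3, 8), (8, 2): (8, 2, 20), (8, 1): (8, 1, 29)}

VERSION_RE = re.compile(r"PHP (\d+)\.(\d+)\.(\d+)")

# Constructed sample of a `php-cgi -v` banner, used only for demonstration.
SAMPLE_BANNER = "PHP 8.2.19 (cgi-fcgi) (built: May  7 2024 10:00:00) (NTS Visual C++ 2019 x64)"


def parse_php_version(banner: str) -> tuple:
    """Extract (major, minor, patch) from `php -v` / `php-cgi -v` output."""
    m = VERSION_RE.search(banner)
    if not m:
        raise ValueError("no PHP version found in banner")
    return tuple(int(x) for x in m.groups())


def assess(version: tuple) -> str:
    """Classify a version against the advisory's ranges: affected, fixed, or not-listed."""
    branch = version[:2]
    if branch not in FIXED:
        return "not-listed"  # branch absent from the advisory; verify its status manually
    return "affected" if version < FIXED[branch] else "fixed"


def check_host() -> list:
    """Run `-v` on any php-cgi / php binary found on PATH and classify each.

    Finding php-cgi on PATH is only a hint that CGI mode is in use; the web
    server's handler configuration (e.g. IIS FastCGI mappings) is authoritative.
    """
    results = []
    for name in ("php-cgi", "php"):
        path = shutil.which(name)
        if not path:
            continue
        out = subprocess.run([path, "-v"], capture_output=True, text=True, timeout=10).stdout
        version = parse_php_version(out)
        results.append((path, version, assess(version)))
    return results


if __name__ == "__main__":
    found = check_host() or []
    if not found:
        print("no php/php-cgi binary found on PATH")
    for path, version, status in found:
        print(f"{path}: PHP {'.'.join(map(str, version))} -> {status}")
```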

Impact:
This vulnerability, if exploited, could lead to the execution of arbitrary code, with severe consequences for system integrity and data security.

Resolution:
Upgrade to the latest PHP release for your branch (8.3.8, 8.2.20 and 8.1.29 or later contain the fix).

Reference:

https://www.cvedetails.com/cve/CVE-2024-4577/

www.cyber.gc.ca/en/alerts-advisories/al25-001-mass-exploitation-critical-php-cgi-vulnerability-cve-2024-4577

https://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/

https://www.php.net/downloads.php

https://www.securityweek.com/mass-exploitation-of-critical-php-vulnerability-begins/

https://www.bitsight.com/blog/cve-2024-4577-windows-encoding-gone-wrong

UIT Information Security

Contact

IT Client Services at askIT@yorku.ca or 416 736 5800


This email was sent by: York University, 4700 Keele Street, Toronto, Ontario M3J 1P3