New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Information has surfaced on a new serious security vulnerability affecting PHP that, in some cases, might be used to accomplish remote code execution.

The flaw, identified as CVE-2024-4577, is said to be a CGI argument injection vulnerability that affects all PHP versions that are installed on Windows computers.

The vulnerability, according to security researcher DEVCORE, allows one to go around defenses put in place for another security weakness, CVE-2012-1823.

Security researcher Orange Tsai stated, “The team did not notice the Best-Fit feature of encoding conversion within the Windows operating system while implementing PHP.” Due to this error, attackers without authorization can now get beyond read more about New PHP Vulnerability Exposes Windows Servers to Remote Code Execution.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

Leave a Reply

Your email address will not be published. Required fields are marked *