Tag: PHP Vulnerability

PHP Vulnerability Exploited to Spread Malware and Launch DDoS Attacks

Multiple threat actors have been reported exploiting a recently discovered PHP security vulnerability to propagate distributed denial-of-service (DDoS) botnets, bitcoin miners, and remote access trojans. The vulnerability in question, CVE-2024-4577 (CVSS score: 9.8), gives an attacker the ability to remotely execute malicious commands on Windows computers that are configured with Chinese and Japanese language locales. It was made known to the public in early June 2024. Akamai researchers Kyle Lefton, Allen West, and Sam Tinklenberg identified CVE-2024-4577 as a vulnerability that lets an attacker bypass the command line and pass arguments that are parsed directly by PHP. They made this discovery on Wednesday. "The method used to translate Unicode characters into ASCII is...
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

Details have emerged about a new serious security vulnerability affecting PHP that, in some cases, might be used to achieve remote code execution. The flaw, tracked as CVE-2024-4577, is described as a CGI argument injection vulnerability that affects all PHP versions installed on Windows computers. According to security researcher DEVCORE, the vulnerability makes it possible to bypass defenses put in place for another security weakness, CVE-2012-1823. Security researcher Orange Tsai stated, "The team did not notice the Best-Fit feature of encoding conversion within the Windows operating system while implementing PHP." Due to this error, attackers without authorization can now get beyond...