Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation.
Tracked as CVE-2024-4577, this PHP-CGI argument injection flaw was patched in June 2024 and affects Windows PHP installations with PHP running in CGI mode. Successful exploitation enables unauthenticated attackers to execute arbitrary code and leads to complete system compromise following successful exploitation.
A day after PHP maintainers released CVE-2024-4577 patches on June 7, 2024, WatchTowr Labs released proof-of-concept (PoC) exploit code, and the Shadowserver Foundation reported observing exploitation attempts.
![[correlate]](/data/avatars/m/79/79653.jpg?1556985072){kind=avatar}
