New PHP Vulnerability Exposes Windows Servers to Remote Code Execution

[VincaSec]

Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.

The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.

According to DEVCORE security researcher, the shortcoming makes it possible to bypass protections put in place for another security flaw, CVE-2012-1823.

https://thehackernews.com/2024/06/new-ph...ndows.html