CVE-2024-4577: Proof of Concept Available for PHP-CGI Argument Injection Vulnerability
On June 6, maintainers of PHP released updates to address a critical vulnerability affecting installations where PHP is used in CGI mode. As part of a coordinated release, researchers at DEVCORE published a blog post with their analysis of the vulnerability and its impact.
CVE-2024-4577 is a critical argument injection vulnerability in PHP that can be exploited to achieve remote code execution (RCE). According to researchers at DEVCORE, this flaw is the result of errors in character encoding conversions, affecting the “Best Fit” feature on Windows.
On June 7, researchers at watchTowr released a proof-of-concept (PoC) script for CVE-2024-4577 on their GitHub page.
For more information about the vulnerability, including the availability of patches and Tenable product coverage, please visit our blog.