Particulars have emerged about a new critical security flaw impacting PHP that could be exploited to accomplish remote code execution under certain conditions.
The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability impacting all variations of PHP installed on the Windows working technique.
According to DEVCORE security researcher, the shortcoming helps make it feasible to bypass protections set in spot for another security flaw, CVE-2012-1823.
“While implementing PHP, the workforce did not detect the Most effective-Fit feature of encoding conversion within the Windows working method,” security researcher Orange Tsai said.
“This oversight lets unauthenticated attackers to bypass the past defense of CVE-2012-1823 by specific character sequences. Arbitrary code can be executed on distant PHP servers by the argument injection attack.”
Subsequent accountable disclosure on May perhaps 7, 2024, a deal with for the vulnerability has been made out there in PHP variations 8.3.8, 8.2.20, and 8.1.29.
DEVCORE has warned that all XAMPP installations on Windows are vulnerable by default when configured to use the locales for Regular Chinese, Simplified Chinese, or Japanese.
The Taiwanese corporation is also recommending that directors move absent from the out-of-date PHP CGI completely and choose for a far more protected option this sort of as Mod-PHP, FastCGI, or PHP-FPM.
“This vulnerability is amazingly simple, but which is also what helps make it intriguing,” Tsai explained. “Who would have considered that a patch, which has been reviewed and confirmed secure for the past 12 decades, could be bypassed owing to a insignificant Windows characteristic?”
The Shadowserver Foundation, in a article shared on X, claimed it has previously detected exploitation makes an attempt involving the flaw versus its honeypot servers in just 24 hours of community disclosure.
watchTowr Labs mentioned it was in a position to devise an exploit for CVE-2024-4577 and realize distant code execution, producing it crucial that people move rapidly to utilize the hottest patches.
“A terrible bug with a very uncomplicated exploit,” security researcher Aliz Hammond reported.
“All those operating in an afflicted configuration under one of the impacted locales โ Chinese (simplified, or conventional) or Japanese โ are urged to do this as quick as humanly doable, as the bug has a large probability of being exploited en-mass because of to the small exploit complexity.”
Found this write-up appealing? Stick to us on Twitter ๏ and LinkedIn to read much more distinctive information we post.
Some parts of this article are sourced from:
thehackernews.com