Endpoint Vulnerability

PHP CVE-2024-4577 Command Injection Vulnerability

Description

Windows Best-Fit character replacement in command lines to Win32 APIs causes PHP-CGI on Apache to misinterpret options, letting attackers pass PHP options that expose source code or execute arbitrary PHP on PHP 8.1-8.3 on Windows.

Outbreak Alert

FortiGuard Labs has observed significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code execution vulnerability in PHP to deliver web shells and deploy ransomware on targeted systems.

View the full Outbreak Alert Report

Affected Applications

PHP

Version Updates

Date	Version	Status	Detail
2025-07-14	1.00880	Modified	PHP
2025-01-14	1.00802	New	PHP

References

https://bugs.php.net/

ID	83468
Created	Apr 05, 2026
Description Updated	Apr 05, 2026
CVE ID
Tags	PHP RCE Attack
Risk
Coverage	FortiClient
OS	Windows
Vendor	PHP
Patch	manual
Application	PHP

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Endpoint Vulnerability

PHP CVE-2024-4577 Command Injection Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Endpoint Vulnerability

PHP CVE-2024-4577 Command Injection Vulnerability

Description

Outbreak Alert

Affected Applications

Version Updates

References

Threat Intelligence
Center