Web Application Firewall

PHP.CGI.Argument.Injection

Description

This indicates an attack attempt against an Argument Injection vulnerability in PHP CGI.
The vulnerability is caused by an error when the vulnerable software handles a malicious request. It allows a remote attacker to execute arbitrary code via a crafted URI.

Outbreak Alert

FortiGuard Labs has observed significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code execution vulnerability in PHP to deliver web shells and deploy ransomware on targeted systems.

View the full Outbreak Alert Report

Affected Products

PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.php.net/ChangeLog-8.php#8.3.8

Version Updates

Date	Version	Status	Detail
2024-07-26	1.00054	New

ID	1002017393
Created	Jul 26, 2024
Updated	Jul 26, 2024
CVE ID
Tags	PHP RCE Attack
Risk
Default Action	drop
Active
Affected OS	Windows, Linux, BSD, Solaris, MacOS
Affected App	PHP_app

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Web Application Firewall

PHP.CGI.Argument.Injection

Description

Outbreak Alert

Affected Products

Impact

Recommended Actions

Version Updates

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Web Application Firewall

PHP.CGI.Argument.Injection

Description

Outbreak Alert

Affected Products

Impact

Recommended Actions

Version Updates

Threat Intelligence
Center