PHP.CGI.Argument.Injection

Description

This indicates an attack attempt against an Argument Injection vulnerability in PHP CGI.
The vulnerability is caused by an error when the vulnerable software handles a malicious request. It allows a remote attacker to execute arbitrary code via a crafted URI.

Outbreak Alert

FortiGuard Labs has observed a significant level of exploitation attempts targeting the new PHP vulnerability. The TellYouThePass ransomware gang has been leveraging CVE-2024-4577, a remote code execution vulnerability in PHP, to deliver web shells and deploy ransomware on targeted systems.

Affected Products

PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.php.net/ChangeLog-8.php#8.3.8
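
To find which hosts still need that upgrade, an inventory of PHP version banners can be checked against the affected ranges listed under Affected Products. The script below is an added example, not FortiGuard or PHP project code; the hostnames and banner strings are constructed, and branches the page does not list are reported as such rather than judged.

```python
import re

# Fixed patch level per branch, taken from the "Affected Products" line above.
FIXED = {(8, 1): 29, (8, 2): 20, (8, 3): 8}

# Matches the version in a `php -v` / `php-cgi -v` banner or an X-Powered-By value.
_VERSION = re.compile(r"PHP[ /](\d+)\.(\d+)\.(\d+)")

def classify(banner):
    """Return (version, status) for one banner line.

    status is 'affected', 'fixed', 'branch-not-listed' or 'unparsed'.
    """
    m = _VERSION.search(banner)
    if not m:
        return None, "unparsed"
    # Compare as integers: as strings, "9" would sort after "29".
    major, minor, patch = (int(x) for x in m.groups())
    version = f"{major}.{minor}.{patch}"
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        # The page lists only 8.1, 8.2 and 8.3; make no claim about other branches.
        return version, "branch-not-listed"
    return version, "affected" if patch < fixed_patch else "fixed"

def triage(inventory):
    """Map host -> (version, status) and list the hosts that need the upgrade."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    to_patch = sorted(h for h, (_, s) in results.items() if s == "affected")
    return results, to_patch

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "web01": "PHP 8.1.28 (cgi-fcgi) (built: Apr 10 2024 14:00:00)",
    "web02": "PHP 8.2.20 (cli) (built: Jun  4 2024 16:10:11) (NTS)",
    "web03": "X-Powered-By: PHP/8.3.7",
    "web04": "PHP 8.3.8 (cgi-fcgi)",
    "web05": "PHP 7.4.33 (cli)",
    "web06": "nginx/1.24.0",
}

if __name__ == "__main__":
    results, to_patch = triage(SAMPLE)
    for host, (version, status) in sorted(results.items()):
        print(f"{host}: {version or '-'} {status}")
    print("upgrade:", ", ".join(to_patch))
```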

Coverage

IPS (Regular DB)
IPS (Extended DB)