PHP Vulnerability CVE-2024-4577 Akamai's Report and Updates

TapTechNews, July 12: the network security company Akamai published a blog post on July 10 stating that, the day after the PHP vulnerability CVE-2024-4577 was disclosed in June this year, a large number of attackers were observed attempting to exploit it.

Akamai said that within 24 hours of the disclosure of this PHP vulnerability in June, it observed a large number of exploitation attempts against honeypot servers.

These attacks include spreading the remote access Trojan named Gh0stRAT, cryptocurrency miners such as RedTail and XMRig, and the DDoS botnet named Muhstik.

The vulnerability has a CVSS score of 9.8 (out of 10). It affects PHP installations running in CGI mode, mainly Windows installations of PHP that use the Chinese or Japanese language.


By exploiting this vulnerability, attackers can bypass command-line handling and pass parameters to PHP that it interprets directly. The underlying problem is that the CGI engine does not escape the soft hyphen (0xAD) and does not correctly convert Unicode characters to ASCII characters, which allows attackers to achieve remote code execution (RCE).
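For defenders reviewing web server logs, the following added example (not code from Akamai, PHP or TapTechNews) flags requests whose query string contains a token beginning with a bare 0xAD byte, the soft hyphen described above. It assumes Combined Log Format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

SOFT_HYPHEN = 0xAD  # byte the article says the CGI engine fails to escape

# Request line inside a Combined Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(
    r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')


def suspicious_tokens(target):
    """Return query tokens whose first percent-decoded byte is a bare 0xAD."""
    _, sep, query = target.partition("?")
    if not sep:
        return []
    hits = []
    for token in re.split(r"[+&]", query):
        raw = unquote_to_bytes(token)
        # A UTF-8 soft hyphen is C2 AD, so a token that starts with AD alone
        # is not valid text and deserves a closer look.
        if raw and raw[0] == SOFT_HYPHEN:
            hits.append(token)
    return hits


def scan(log_lines):
    """Return (line_number, target, tokens) for every flagged request."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        tokens = suspicious_tokens(match.group(1))
        if tokens:
            findings.append((number, match.group(1), tokens))
    return findings


# Constructed sample log lines (documentation IPs, placeholder arguments).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jul/2024:10:00:01 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '192.0.2.44 - - [10/Jul/2024:10:00:02 +0000] "POST /test.php?%ADplaceholder+arg HTTP/1.1" 200 90',
    '192.0.2.10 - - [10/Jul/2024:10:00:03 +0000] "GET /search.php?q=co%C2%ADoperate HTTP/1.1" 200 733',
    '192.0.2.51 - - [10/Jul/2024:10:00:04 +0000] "GET /index.php?%adplaceholder HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target, tokens in scan(SAMPLE_LOG):
        print(f"line {number}: {target} -> {tokens}")
```

A hit is a lead for investigation, not proof of compromise; the patched versions listed in this article remain the fix.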

PHP has released updates that fix this vulnerability. Users are urged to upgrade to version 8.1.29, 8.2.20, or 8.3.8 as soon as possible. TapTechNews lists the affected versions as follows:

Under the 8.1.x branch, it affects versions before 8.1.29.

Under the 8.2.x branch, it affects versions before 8.2.20.

Under the 8.3.x branch, it affects versions before 8.3.8.

PHP 8 version

PHP 7 version

PHP 5 version
