Jun 9, 2024
New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Posted by Saúl Morales Rodriguéz in categories: computing, security
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances.
The vulnerability, tracked as CVE-2024–4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.
According to DEVCORE security researcher, the shortcoming makes it possible to bypass protections put in place for another security flaw, CVE-2012–1823.