Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Hypertext Preprocessor (PHP) Software
Alerts

Critical Vulnerability in Hypertext Preprocessor (PHP) Software

8 June 2024

Update as of 10 March 2025:

There are observations of active exploitation of the aforementioned critical vulnerability affecting PHP-CGI installations on Windows systems.

Users and administrators of Windows installations using affected PHP versions are strongly recommended to update to the latest versions immediately.

Users and administrators are also advised to perform a deep AV scan of Windows servers using PHP-CGI modules to detect the presence of any malicious files or shellcode.

Singapore organisations affected by this vulnerability are advised to report to SingCERT if any evidence of compromise is found. A report can be made via our Incident Reporting Form at https://go.gov.sg/singcert-incident-reporting-form

More information is available here:

https://www.scworld.com/brief/targeting-of-php-vulnerability-expands-globally

https://www.scworld.com/news/critical-98-php-flaw-exploited-in-us-japan-and-singapore

https://blog.talosintelligence.com/new-persistent-attacks-japan/

https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457


Original alert published on 08 June 2024:

PHP has released security updates addressing a critical vulnerability (CVE-2024-4577) affecting installations where PHP is used in CGI mode. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. The proof-of-concept exploit code that targets this vulnerability is reportedly publicly available.

Successful exploitation of the CGI argument injection vulnerability could allow an unauthenticated attacker to perform arbitrary remote code execution on the PHP servers.

The vulnerability affects all PHP versions running on Windows OS.

Users and administrators of affected PHP versions are advised to update to the latest versions immediately.

More information is available here:
https://www.tenable.com/cve/CVE-2024-4577
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/?ref=labs.watchtowr.com#Timeline

Back to top