New PHP Vulnerability Exposes Windows Servers to Remote Code Execution
Background
A new Remote Code Execution (RCE) vulnerability in PHP for Windows has been disclosed, affecting all versions since 5.x and potentially impacting a vast number of servers worldwide. PHP, an open-source scripting language widely utilised for web development, is commonly deployed on both Windows and Linux servers. The RCE flaw, tracked as CVE-2024-4577, has a CVSS severity rating of 9.8. Following responsible disclosure on May 7, 2024, a fix for the vulnerability has been made available.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise.
Mitigation Measure
- It is strongly recommended that administrators upgrade to the latest PHP versions of 8.3.8, 8.2.20, and 8.1.29.
- Administrators are also advised to move away from the outdated PHP CGI altogether and opt for a more secure solution such as Mod-PHP, FastCGI, or PHP-FPM.
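To act on the upgrade recommendation across several servers, installed versions can be triaged against the fixed releases named above. The following is an added example, not part of the CSA advisory: `classify`, `needs_action`, the status labels and the sample hostnames and banners are illustrative. It assumes the banners were collected by running `php -v` or `php-cgi -v` on each Windows host, and that branches newer than 8.3 already include the fix.

```python
import re

# Fixed releases named in the advisory, as branch -> minimum patch level.
FIXED = {(8, 3): 8, (8, 2): 20, (8, 1): 29}
# Version in a `php -v` banner, plus any pre-release suffix ("RC1", "-dev").
BANNER_RE = re.compile(r"\bPHP (\d+)\.(\d+)\.(\d+)(\S*)")


def classify(banner):
    """Return (version, status) for one banner line."""
    m = BANNER_RE.search(banner)
    if not m:
        return None, "unparsed"
    major, minor, patch = map(int, m.group(1, 2, 3))
    suffix = m.group(4)
    version = f"{major}.{minor}.{patch}{suffix}"
    branch = (major, minor)
    if branch in FIXED:
        # A pre-release of the fixed version is treated as unpatched.
        if patch > FIXED[branch] or (patch == FIXED[branch] and not suffix):
            return version, "patched"
        return version, "upgrade"
    if branch > max(FIXED):
        # Assumption: branches newer than 8.3 already carry the fix.
        return version, "patched"
    if major >= 5:
        # Affected per the advisory, but no fixed release is listed for it.
        return version, "no_fix_listed"
    return version, "outside_advisory"


def needs_action(inventory):
    """Map host -> (version, status) for every host that is not patched."""
    results = {host: classify(banner) for host, banner in inventory.items()}
    return {h: r for h, r in results.items() if r[1] != "patched"}


# Constructed sample inventory: hostnames and banners are made up.
SAMPLE = {
    "web-01": "PHP 8.3.7 (cgi-fcgi) (built: May  8 2024 08:56:56)",
    "web-02": "PHP 8.2.20 (cli) (built: Jun  4 2024 15:02:11)",
    "web-03": "PHP 7.4.33 (cli) (built: Nov  2 2022 16:00:55)",
    "web-04": "'php' is not recognized as an internal or external command",
}

if __name__ == "__main__":
    for host, (version, status) in sorted(needs_action(SAMPLE).items()):
        print(f"{host}: {version} -> {status}")
```

Hosts reported as `no_fix_listed` run a branch for which the advisory names no fixed release, so they need a move to one of the listed branches rather than a patch-level update.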
Recommendation
The following references provide further details:
- https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/
- https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/
Contact the Cyber Security Authority
The CSA has 24-hour Cybersecurity/Cybercrime Incident Reporting Points of Contact (PoC) for reporting cybercrimes and for seeking guidance and assistance on online activities: Call or Text – 292, WhatsApp – 0501603111, Email – report@csa.gov.gh
Issued by Cyber Security Authority
June 20, 2024
Ref: CSA/CERT/TA/2024-06/02