Add CVE‑2024‑4577 to the inventory.
A critical argument injection flaw in PHP‑CGI on Windows allows unauthenticated attackers using specific locales (e.g. Chinese, Japanese) to pass crafted characters (e.g. soft hyphen 0xAD) that are misinterpreted as PHP CLI options, enabling remote code execution.
Section: ctf/web/php-cgi/
Type: argument injection / remote code execution
Windows only ?
Add CVE‑2024‑4577 to the inventory.
A critical argument injection flaw in PHP‑CGI on Windows allows unauthenticated attackers using specific locales (e.g. Chinese, Japanese) to pass crafted characters (e.g. soft hyphen 0xAD) that are misinterpreted as PHP CLI options, enabling remote code execution.
Section: ctf/web/php-cgi/
Type: argument injection / remote code execution
Windows only ?