Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
Alerts

Critical Vulnerability in Hypertext Preprocessor (PHP) Software

8 June 2024

Update as of 10 March 2025:

There are observations of active exploitation of the aforementioned critical vulnerability affecting PHP-CGI installations on Windows systems.

Users and administrators of Windows installations using affected PHP versions are strongly recommended to update to the latest versions immediately.

Users and administrators are also advised to perform a deep AV scan of Windows servers using PHP-CGI modules to detect the presence of any malicious files or shellcode.

Singapore organisations affected by this vulnerability are advised to report to SingCERT if any evidence of compromise is found. A report can be made via our Incident Reporting Form at https://go.gov.sg/singcert-incident-reporting-form

More information is available here:

https://www.scworld.com/brief/targeting-of-php-vulnerability-expands-globally

https://www.scworld.com/news/critical-98-php-flaw-exploited-in-us-japan-and-singapore

https://blog.talosintelligence.com/new-persistent-attacks-japan/

https://www.greynoise.io/blog/mass-exploitation-critical-php-cgi-vulnerability-cve-2024-457


Original alert published on 08 June 2024:

PHP has released security updates addressing a critical vulnerability (CVE-2024-4577) affecting installations where PHP is used in CGI mode. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10. The proof-of-concept exploit code that targets this vulnerability is reportedly publicly available.

Successful exploitation of the CGI argument injection vulnerability could allow an unauthenticated attacker to perform arbitrary remote code execution on the PHP servers.

The vulnerability affects all PHP versions running on Windows OS.

Users and administrators of affected PHP versions are advised to update to the latest versions immediately.

More information is available here:
https://www.tenable.com/cve/CVE-2024-4577
https://devco.re/blog/2024/06/06/security-alert-cve-2024-4577-php-cgi-argument-injection-vulnerability-en/?ref=labs.watchtowr.com#Timeline

Back to top