CVE-2024-4577CISA KEVEPSS p100.0%

CVE-2024-4577PHP-CGI OS Command Injection Vulnerability

PHP Group / PHP

Description

PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Scoring

EPSS99.99% probability of exploitation · percentile 100.0% · 2026-06-17T12:03:21Z

CISA KEV entry

Added to KEV: 2024-06-12

(incoming)1

TypeTargetConfidenceTier
KEVEntryPHP-CGI OS Command Injection Vulnerabilitykev-cve-2024-45770%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
PHP-CGI Query String Parameter Vulnerability
CVE
PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability
CVE
Craft CMS Code Injection Vulnerability
CVE
CVE-2026-24695
CVE
CVE-2026-25111
CVE
CVE-2025-4578
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.