An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one day after Watchtowr researchers published a technical analysis of the flaw and proof-of-concept exploit code.

About CVE-2024-4577

Discovered and reported by Orange Tsai, principal security researcher at Devcore, CVE-2024-4577 allows attackers to bypass the protections …

The post PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) appeared first on Help Net Security.