# CVE-2024-4577
A Proof of Concept developed by [@watchTowr]( exploiting the PHP CGI Argument Injection vulnerability (CVE-2024-4577) to obtain RCE on a vulnerable PHP version running in a Windows environment. [Detailed technical analysis for this vulnerability](

<p align="center">
  <img src="/poc.gif" />

# Orange Tsi ๐ŸŠ

This vulnerability was found by [Orange Tsai (@orange_8361)]( of [DEVCORE (@d3vc0r3)]( Make sure to follow his outstanding research, our role was to only recreate and develop the exploit for this issue.

# Affected Versions

based on the original [blog post by DEVCORE (@d3vc0r3)]( This vulnerability affects all versions of PHP installed on the Windows operating system:
PHP 8.3 < 8.3.8
PHP 8.2 < 8.2.20
PHP 8.1 < 8.1.29
Since the branch of PHP 8.0, PHP 7, and PHP 5 are End-of-Life, and are no longer maintained anymore, server admins can refer to the Am I Vulnerable section [HERE]( to find temporary patch recommendations in the Mitigation Measure section.

# Exploit authors
[Aliz (@AlizTheHax0r)]( and [Sina Kheirkhah (@SinSinology)]( of [watchTowr (@watchtowrcyber)]( 

# Follow [watchTowr]( Labs 
For the latest security research follow the [watchTowr]( Labs Team