The vulnerability exists due to improper input validation in PHP-CGI implementation. A remote attacker can send specially crafted HTTP request to the application and execute arbitrary OS commands on the system. Note, the vulnerability exists due to incomplete fix for #VU91106 (CVE-2024-4577).
This Cyber News was published on www.tenable.com. Publication date: Fri, 04 Oct 2024 09:11:03 +0000