Original Post: Imperva Protects Against Critical PHP Vulnerability CVE-2024-4577
A critical cybersecurity vulnerability, CVE-2024-4577, with a high CVSS score of 9.8, has been identified in PHP, specifically affecting Windows-based PHP installations using CGI mode in Japanese and Chinese environments. This flaw allows for remote code execution due to improper input validation, posing significant risks to web applications built with PHP. Imperva’s Web Application Firewall provides out-of-the-box protection against exploitation attempts on this vulnerability. Numerous attacks, primarily targeting financial services, healthcare, and business sites in the US and Brazil, have been observed using Go and cURL tools for automation. With public proof-of-concept (POC) exploits available, more attacks are expected. Imperva emphasizes the importance of proactive defense strategies to mitigate such vulnerabilities and protect sensitive digital assets. The company also offers a free 30-day trial for businesses to protect their digital infrastructure.
Go here to read the Original Post