PHP Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability - CVE-2024-4577 - Vulnerability Database

Critical
Reference: CVE-2024-4577
Title: PHP Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
Overview:

In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, and 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may apply "Best-Fit" behavior to replace characters in the command line handed to Win32 API functions. The PHP CGI module may then misinterpret those replaced characters as PHP command-line options, which may allow a malicious user to pass options to the PHP binary being run and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc. All three conditions (Windows host, the PHP-CGI SAPI, and a susceptible system code page) must hold for the issue to be reachable; PHP-CGI on other operating systems, and PHP running under other SAPIs such as mod_php, are not described as affected here. The fix is to upgrade to 8.1.29, 8.2.20 or 8.3.8 respectively.
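As an added triage example (not code from this database entry or from the PHP project), the following Python encodes the affected version ranges and the platform conditions stated above and classifies a host from its `php -v` banner, operating system and SAPI name. The `Host` dataclass, the `assess` function and the sample banners are assumptions constructed for illustration; the SAPI string `cgi-fcgi` is what PHP's `PHP_SAPI` reports for the php-cgi binary. Because the advisory does not enumerate which code pages are susceptible, the helper deliberately does not model that condition and treats any in-range Windows PHP-CGI host as vulnerable.

```python
"""Triage helper for CVE-2024-4577 (added example, not from the advisory).

Scope taken from the advisory text: PHP 8.1.x < 8.1.29, 8.2.x < 8.2.20,
8.3.x < 8.3.8, running as PHP-CGI under Apache on Windows.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Minor series -> first fixed patch release, exactly as listed in the advisory.
FIXED_IN = {
    (8, 1): (8, 1, 29),
    (8, 2): (8, 2, 20),
    (8, 3): (8, 3, 8),
}

# Matches the leading "PHP X.Y.Z" of a `php -v` banner.
_VERSION_RE = re.compile(r"PHP\s+(\d+)\.(\d+)\.(\d+)")

# PHP_SAPI value reported by the php-cgi binary.
CGI_SAPI = "cgi-fcgi"


def parse_php_version(banner: str) -> Tuple[int, int, int]:
    """Extract (major, minor, patch) from the first line of `php -v` output."""
    m = _VERSION_RE.search(banner)
    if not m:
        raise ValueError(f"no PHP version found in banner: {banner!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def version_in_vulnerable_range(version: Tuple[int, int, int]) -> Optional[bool]:
    """True if the version falls inside an advisory range, False if it is at or
    above the fixed release, None if the minor series is not listed at all
    (the advisory text only covers 8.1, 8.2 and 8.3)."""
    major, minor, _patch = version
    fixed = FIXED_IN.get((major, minor))
    if fixed is None:
        return None
    return version < fixed


@dataclass
class Host:
    """Inventory record for one PHP installation (hypothetical shape)."""
    name: str
    php_banner: str   # first line of `php -v`
    os: str           # e.g. "Windows", "Linux"
    sapi: str         # PHP_SAPI, e.g. "cgi-fcgi", "apache2handler", "cli"


def assess(host: Host) -> str:
    """Classify a host against the advisory's conditions.

    Returns one of: "vulnerable", "fixed", "not-affected-os",
    "not-affected-sapi", "unknown-series".
    """
    version = parse_php_version(host.php_banner)
    in_range = version_in_vulnerable_range(version)
    if in_range is None:
        # Series not covered by the advisory text; needs a separate check.
        return "unknown-series"
    if not in_range:
        return "fixed"
    # The advisory scopes the issue to Windows hosts running PHP-CGI.
    if host.os.lower() != "windows":
        return "not-affected-os"
    if host.sapi != CGI_SAPI:
        return "not-affected-sapi"
    # Code-page condition is not modelled: the advisory does not list the
    # susceptible code pages, so an in-range Windows CGI host is flagged.
    return "vulnerable"


def triage(hosts) -> dict:
    """Map host name -> assessment for a whole inventory."""
    return {h.name: assess(h) for h in hosts}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        Host("win-cgi-01", "PHP 8.3.7 (cgi-fcgi) (built: May  7 2024 12:00:00)", "Windows", "cgi-fcgi"),
        Host("win-cgi-02", "PHP 8.3.8 (cgi-fcgi) (built: Jun  5 2024 12:00:00)", "Windows", "cgi-fcgi"),
        Host("win-modphp", "PHP 8.2.19 (cli) (built: May  7 2024 12:00:00)", "Windows", "apache2handler"),
        Host("lnx-cgi-01", "PHP 8.1.28 (cgi-fcgi) (built: Apr 11 2024 12:00:00)", "Linux", "cgi-fcgi"),
    ]
    for name, result in triage(sample).items():
        print(f"{name}: {result}")
```

Run it on real inventory by feeding the first line of `php -v` plus `php -r 'echo PHP_SAPI;'` from each host; a result of `unknown-series` means the installation is outside the three branches this advisory text covers and has to be checked against other sources rather than assumed safe.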