FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
CVE-2024-4577 is a critical vulnerability in PHP for Windows systems using Apache and PHP-CGI. It allows attackers to inject malicious code by exploiting character encoding issues. This can lead to them taking control of the server or stealing sensitive information.
This article describes the assessment of Remote Code Execution vulnerability in PHP.
Scope
FortiDAST Scripting Engine updated in version 24.2.0-build0010(GA)
Solution
Detection against that vulnerability is empowered by the FortiDAST Scripting Engine (FSE).
This technology enables FortiDAST to assess remotely with a high level of confidence if an asset is vulnerable to a specific vulnerability by testing the disarmed exploit against the asset itself.
To configure the scan, it will be necessary to enable the FSE group signature 'php' which will select the underlying script: ‘CVE-2024-4577-PHP-RCE-Vulnerability.’
