Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.

CVE-2024-4577 is a critical vulnerability in PHP, specifically affecting Windows systems running PHP in CGI mode. This flaw allows attackers to execute arbitrary code remotely by exploiting an argument injection vulnerability. 

Affected systems

• PHP Versions:
  • 8.3.x (before 8.3.8)
  • 8.2.x (before 8.2.20)
  • 8.1.x (before 8.1.29)
• Default XAMPP Installations on Windows
• Windows Systems Running in Chinese and Japanese Locales
• Any Internet-Facing Windows Server Exposing php.exe or php-cgi.exe

Further reading and related sources

• How is CVE-2024-4577 Being Exploited?
• Security Now podcast
• Cybersecuritynews.com
• Securityaffairs.com

Opt-in forms is an essential tool for building your mailing list and successful email marketing. However, they are frequently exploited by bots and malicious actors, leading to various problems.

In this article we cover the following points:

• Automated bot signups, fake, malicious signups and form spamming.
• Understanding the risks.
• How and why it happens.
• Why you need to protect your opt-in forms.
• Available protection methods in nuevoMailer.
• Best practices: Double opt-in & more.
• Monitoring and automation.

Keywords: opt-in form protection, email deliverability, sender reputation, domain reputation, form spamming, double opt-in, Captcha methods, data protection, monitoring, list cleaning.

You can read the full article here.