LetsDefend Monitoring Alert

Possible PHP Injection Detected (CVE-2024-4577)

Jun, 12, 2024, 08:26 AM

Event ID: 268

Event Time: Jun, 12, 2024, 08:26 AM

Rule Name: SOC292 - Possible PHP Injection Detected (CVE-2024-4577)

Alert Type: Web Attack

MITRE Technique:
T1059 - Execution - Command and Scripting Interpreter,
T1190 - Initial Access - Exploit Public-Facing Application,
T1005 - Collection - Data from Local System,
T1590 - Reconnaissance - Gather Victim Network Information,
T1082 - Discovery - System Information Discovery,
T1059.003 - Execution - Command and Scripting Interpreter: Windows Command Shell,
T1505.003 - Persistence - Server Software Component: Web Shell

Real World Example: https://nvd.nist.gov/vuln/detail/CVE-2024-4577

Severity: Critical

Incident Responder
