A common Reddit/Exploit-DB search yields scripts claiming to "hack Apache 2.4.18" via mod_cgi or mod_userdir . These are almost always :
The exploit leverages this flaw to achieve arbitrary function call execution with root privileges. A PHP-based PoC exploit, named "CARPE (DIEM)", was released publicly shortly after the vulnerability was disclosed. The exploit works by: apache httpd 2.4.18 exploit