CVE-2012-1823

Warning

Exploit

EPSS 94.39%
Published 11.05.2012 10:15:48
Last modified 11.04.2025 00:51:21
Source cret@cert.org
Teams watchlist Login
Open Login

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Affected products Warnungen 1 Metrics 4 CWE 1 References 32

Data is provided by the National Vulnerability Database (NVD)

Php ≫ Php Version < 5.3.12

Php ≫ Php Version >= 5.4.0 < 5.4.2

Fedoraproject ≫ Fedora Version39

Fedoraproject ≫ Fedora Version40

Debian ≫ Debian Linux Version6.0

Hp ≫ Hp-ux Versionb.11.23

Hp ≫ Hp-ux Versionb.11.31

Opensuse ≫ Opensuse Version11.4

Opensuse ≫ Opensuse Version12.1

Suse ≫ Linux Enterprise Server Version10 Updatesp4 SwEdition-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-

Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware

Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4

Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2

Apple ≫ macOS X Version >= 10.6.8 < 10.7.5

Apple ≫ macOS X Version >= 10.8.0 < 10.8.2

Redhat ≫ Application Stack Version2.0

Redhat ≫ Gluster Storage Server For On-premise Version2.0

Redhat ≫ Storage Version2.0

Redhat ≫ Storage For Public Cloud Version2.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version5.6

Redhat ≫ Enterprise Linux Eus Version6.1

Redhat ≫ Enterprise Linux Eus Version6.2

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version5.3

Redhat ≫ Enterprise Linux Server Aus Version5.6

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

25.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

PHP-CGI Query String Parameter Vulnerability

Vulnerability

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	94.39%	1

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Broken Link

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Third Party Advisory

Mailing List

http://support.apple.com/kb/HT5501

Third Party Advisory

http://marc.info/?l=bugtraq&m=134012830914727&w=2

Mailing List

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Exploit

Broken Link