CVE-2012-1823: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

KEVITWEXPLOIT

CISA Known Exploited Vulnerabilitydue 2022-04-15

Exploited in the wild

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Affected

139 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	mac_os_x	>= 10.6.8 < 10.7.5	10.7.5
apple	mac_os_x	>= 10.8.0 < 10.8.2	10.8.2
debian	debian_linux	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
hp	hp-ux	—	—
hp	hp-ux	—	—
opensuse	opensuse	—	—
opensuse	opensuse	—	—
parallels	parallels_plesk_panel	—	—
parallels	parallels_plesk_panel	—	—
parallels	parallels_small_business_panel	—	—
php	php	< 5.3.12	5.3.12
php	php	<= 5.3.12	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—
php	php	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

nvd7.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P

vulncheck9.8CRITICAL

cisa9.8CRITICAL