CVE-2012-1823
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Affected Platforms (CPE)
π¦
Php
Php
< 5.3.12π¦
Php
Php
>= 5.4.0 and < 5.4.2π»
Fedoraproject
Fedora
= 39π»
Fedoraproject
Fedora
= 40π»
Debian
Debian Linux
= 6.0π»
Hp
Hp Ux
= b.11.23π»
Hp
Hp Ux
= b.11.31π»
Opensuse
Opensuse
= 11.4π»
Opensuse
Opensuse
= 12.1π»
Suse
Linux Enterprise Server
= 10π»
Suse
Linux Enterprise Server
= 11π»
Suse
Linux Enterprise Server
= 11π»
Suse
Linux Enterprise Software Development Kit
= 10π»
Suse
Linux Enterprise Software Development Kit
= 11π»
Apple
Mac Os X
>= 10.6.8 and < 10.7.5π»
Apple
Mac Os X
>= 10.8.0 and < 10.8.2π¦
Redhat
Application Stack
= 2.0π¦
Redhat
Gluster Storage Server For On Premise
= 2.0π¦
Redhat
Storage
= 2.0π¦
Redhat
Storage For Public Cloud
= 2.0π»
Redhat
Enterprise Linux Desktop
= 6.0π»
Redhat
Enterprise Linux Eus
= 5.6π»
Redhat
Enterprise Linux Eus
= 6.1π»
Redhat
Enterprise Linux Eus
= 6.2π»
Redhat
Enterprise Linux Server
= 5.0π»
Redhat
Enterprise Linux Server
= 6.0π»
Redhat
Enterprise Linux Server Aus
= 5.3π»
Redhat
Enterprise Linux Server Aus
= 5.6π»
Redhat
Enterprise Linux Workstation
= 5.0π»
Redhat