CVE-2012-1823
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Affected Platforms (CPE)
📦
Php
Php
< 5.3.12📦
Php
Php
>= 5.4.0 and < 5.4.2💻
Fedoraproject
Fedora
= 39💻
Fedoraproject
Fedora
= 40💻
Debian
Debian Linux
= 6.0💻
Hp
Hp Ux
= b.11.23💻
Hp
Hp Ux
= b.11.31💻
Opensuse
Opensuse
= 11.4💻
Opensuse
Opensuse
= 12.1💻
Suse
Linux Enterprise Server
= 10💻
Suse
Linux Enterprise Server
= 11💻
Suse
Linux Enterprise Server
= 11💻
Suse
Linux Enterprise Software Development Kit
= 10💻
Suse
Linux Enterprise Software Development Kit
= 11💻
Apple
Mac Os X
>= 10.6.8 and < 10.7.5💻
Apple
Mac Os X
>= 10.8.0 and < 10.8.2📦
Redhat
Application Stack
= 2.0📦
Redhat
Gluster Storage Server For On Premise
= 2.0📦
Redhat
Storage
= 2.0📦
Redhat
Storage For Public Cloud
= 2.0💻
Redhat
Enterprise Linux Desktop
= 6.0💻
Redhat
Enterprise Linux Eus
= 5.6💻
Redhat
Enterprise Linux Eus
= 6.1💻
Redhat
Enterprise Linux Eus
= 6.2💻
Redhat
Enterprise Linux Server
= 5.0💻
Redhat
Enterprise Linux Server
= 6.0💻
Redhat
Enterprise Linux Server Aus
= 5.3💻
Redhat
Enterprise Linux Server Aus
= 5.6💻
Redhat
Enterprise Linux Workstation
= 5.0💻
Redhat