sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
Metrics
Affected Vendors & Products
References
History
Fri, 07 Feb 2025 13:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
kev
|
Mon, 06 Jan 2025 19:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | CWE-77 |
Tue, 13 Aug 2024 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|

Status: PUBLISHED
Assigner: certcc
Published: 2012-05-11T10:00:00.000Z
Updated: 2025-02-07T13:17:23.648Z
Reserved: 2012-03-21T00:00:00.000Z
Link: CVE-2012-1823

Updated: 2024-08-06T19:08:38.505Z

Status : Modified
Published: 2012-05-11T10:15:48.043
Modified: 2025-02-07T14:15:34.433
Link: CVE-2012-1823
