CVE-2012-1823

🗓️ 11 May 2012 10:00:00Reported by certccType

cve🔗 web.nvd.nist.gov📰️ 6 Media mentions👁 1765 Views🌐 WEB

php-cgi in PHP before 5.3.12 and 5.4.x allows remote attackers to execute arbitrary code

Reporter	Title	Published	Views	Family All 309
0day.today	PHP CGI Argument Injection	5 May 201200:00	–	zdt
0day.today	PHP CGI Argument Injection Exploit	5 May 201200:00	–	zdt
0day.today	PHP CGI Argument Injection Remote Exploit (PHP Version)	20 May 201200:00	–	zdt
0day.today	Plesk Apache Zeroday Remote Exploit	6 Jun 201300:00	–	zdt
0day.today	Apache Magicka Remote Code Execution Vulnerability	31 Oct 201300:00	–	zdt
GithubExploit	Exploit for OS Command Injection in Php	8 Jun 202406:36	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	11 Jun 202415:11	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	12 Jun 202411:50	–	githubexploit
GithubExploit	Exploit for OS Command Injection in Php	30 Dec 202517:49	–	githubexploit
GithubExploit	Exploit for Command Injection in Php	1 Oct 201713:47	–	githubexploit

NVD

Node

php phpRange<5.3.12

php phpRange5.4.0–5.4.2

Node

fedoraproject fedoraMatch39

fedoraproject fedoraMatch40

Node

debian debian_linuxMatch6.0

Node

hp hp-uxMatchb.11.23

hp hp-uxMatchb.11.31

Node

opensuse opensuseMatch11.4

opensuse opensuseMatch12.1

suse linux_enterprise_serverMatch10sp4-

suse linux_enterprise_serverMatch11sp2-

suse linux_enterprise_serverMatch11sp2vmware

suse linux_enterprise_software_development_kitMatch10sp4

suse linux_enterprise_software_development_kitMatch11sp2

Node

apple mac_os_xRange10.6.8–10.7.5

apple mac_os_xRange10.8.0–10.8.2

Node

redhat application_stackMatch2.0

redhat gluster_storage_server_for_on-premiseMatch2.0

redhat storageMatch2.0

redhat storage_for_public_cloudMatch2.0

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_eusMatch5.6

redhat enterprise_linux_eusMatch6.1

redhat enterprise_linux_eusMatch6.2

redhat enterprise_linux_serverMatch5.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_server_ausMatch5.3

redhat enterprise_linux_server_ausMatch5.6

redhat enterprise_linux_workstationMatch5.0

redhat enterprise_linux_workstationMatch6.0

Source	Link
lists	www.lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
secunia	www.secunia.com/advisories/49087
rhn	www.rhn.redhat.com/errata/RHSA-2012-0547.html
bugs	www.bugs.php.net/patch-display.php
lists	www.lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
mandriva	www.mandriva.com/security/advisories
rhn	www.rhn.redhat.com/errata/RHSA-2012-0546.html
rhn	www.rhn.redhat.com/errata/RHSA-2012-0570.html
lists	www.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
openwall	www.openwall.com/lists/oss-security/2024/06/07/1

Position	Path	Description	CWE
query param	/cgi-bin/php	Remote code execution via CGI PHP by passing command-line options in the query string when PHP-CGI is used as CGI and query lacks '='; exploit bypasses security checks.	CWE-77
query param	/cgi-bin/php5	Remote code execution via CGI PHP by passing command-line options in the query string when PHP-CGI is used as CGI and query lacks '='; exploit bypasses security checks.	CWE-77
query param	/cgi-bin/php-cgi	Remote code execution via CGI PHP by passing command-line options in the query string when PHP-CGI is used as CGI and query lacks '='; exploit bypasses security checks.	CWE-77
query param	/cgi-bin/php.cgi	Remote code execution via CGI PHP by passing command-line options in the query string when PHP-CGI is used as CGI and query lacks '='; exploit bypasses security checks.	CWE-77
query param	/cgi-bin/php4	Remote code execution via CGI PHP by passing command-line options in the query string when PHP-CGI is used as CGI and query lacks '='; exploit bypasses security checks.	CWE-77

21 Apr 2026 20:28Current

9.9High risk

Vulners AI Score9.9

CVSS 27.5

CVSS 3.19.8

EPSS0.94363

SSVC