CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.9%
Added: 05/15/2012
CVE: CVE-2012-1823
BID: 53388
OSVDB: 81633
PHP is a widely used general-purpose scripting language that is especially suited for Web development.
When configured as a CGI script (aka php-cgi), PHP does not properly handle query string parameters which are passed directly to the php-cgi program. This can be exploited to execute arbitrary system commands or disclose the PHP source code.
Upgrade PHP to version 5.4.3 or 5.3.13 or higher.
<http://secunia.com/advisories/49014>
<http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823>
This exploit has been tested against PHP 5.3.10 on Windows XP SP3 and PHP 5.4.0 on Ubuntu 11.10 Linux.
Windows
Linux
Mac OS X