VulnCheck KEV: CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with...

PHP CGI Argument Injection Remote Exploit (PHP Version)

Exploit for php platform in category web applications PHP CGI Argument Injection Remote Exploit PHP CG...

CVE-2012-2335

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgimain.c component and a query string beginning with a +...

PHP CGI Argument Injection

When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to an argument injection vulnerability. This module takes advantage of the -d flag to set php.ini directives to achieve code execution. From the advisory: "if there is NO unescaped '=' in the query string, the string is split on...