CVE-2012-1823
PHP-CGI Query String Parameter Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
19
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un carácter = (signo igual), lo que permite a atacantes remotos ejecutar código arbitrario mediante la colocación de línea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'.
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-03-21 CVE Reserved
- 2012-05-04 First Exploit
- 2012-05-11 CVE Published
- 2022-03-25 Exploited in Wild
- 2022-04-15 KEV Due Date
- 2025-02-07 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-20: Improper Input Validation
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (48)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/49014 | Third Party Advisory | |
| http://secunia.com/advisories/49065 | Third Party Advisory | |
| http://secunia.com/advisories/49085 | Third Party Advisory | |
| http://secunia.com/advisories/49087 | Third Party Advisory | |
| http://support.apple.com/kb/HT5501 |
|
|
| http://www.kb.cert.org/vuls/id/673343 | Third Party Advisory |
|
| http://www.openwall.com/lists/oss-security/2024/06/07/1 | Mailing List |
|
| http://www.php.net/archive/2012.php#id2012-05-03-1 | ||
| http://www.securitytracker.com/id?1027022 | Vdb Entry | |
| https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1 | ||
| http://web.archive.org/web/20120503154724/http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 | ||
| http://kb.parallels.com/en/116241 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | <= 5.3.11 Search vendor "Php" for product "Php" and version " <= 5.3.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | beta3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | beta4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.0 Search vendor "Php" for product "Php" and version "5.0.0" | rc3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.1 Search vendor "Php" for product "Php" and version "5.0.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.2 Search vendor "Php" for product "Php" and version "5.0.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.3 Search vendor "Php" for product "Php" and version "5.0.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.4 Search vendor "Php" for product "Php" and version "5.0.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.0.5 Search vendor "Php" for product "Php" and version "5.0.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.0 Search vendor "Php" for product "Php" and version "5.1.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.1 Search vendor "Php" for product "Php" and version "5.1.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.2 Search vendor "Php" for product "Php" and version "5.1.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.3 Search vendor "Php" for product "Php" and version "5.1.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.4 Search vendor "Php" for product "Php" and version "5.1.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.5 Search vendor "Php" for product "Php" and version "5.1.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.1.6 Search vendor "Php" for product "Php" and version "5.1.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.0 Search vendor "Php" for product "Php" and version "5.2.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.1 Search vendor "Php" for product "Php" and version "5.2.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.2 Search vendor "Php" for product "Php" and version "5.2.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.3 Search vendor "Php" for product "Php" and version "5.2.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.4 Search vendor "Php" for product "Php" and version "5.2.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.5 Search vendor "Php" for product "Php" and version "5.2.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.6 Search vendor "Php" for product "Php" and version "5.2.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.7 Search vendor "Php" for product "Php" and version "5.2.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.8 Search vendor "Php" for product "Php" and version "5.2.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.9 Search vendor "Php" for product "Php" and version "5.2.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.10 Search vendor "Php" for product "Php" and version "5.2.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.11 Search vendor "Php" for product "Php" and version "5.2.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.12 Search vendor "Php" for product "Php" and version "5.2.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.13 Search vendor "Php" for product "Php" and version "5.2.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.14 Search vendor "Php" for product "Php" and version "5.2.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.15 Search vendor "Php" for product "Php" and version "5.2.15" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.16 Search vendor "Php" for product "Php" and version "5.2.16" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.2.17 Search vendor "Php" for product "Php" and version "5.2.17" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.0 Search vendor "Php" for product "Php" and version "5.3.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.1 Search vendor "Php" for product "Php" and version "5.3.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.2 Search vendor "Php" for product "Php" and version "5.3.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.3 Search vendor "Php" for product "Php" and version "5.3.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.4 Search vendor "Php" for product "Php" and version "5.3.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.5 Search vendor "Php" for product "Php" and version "5.3.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.6 Search vendor "Php" for product "Php" and version "5.3.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.7 Search vendor "Php" for product "Php" and version "5.3.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.8 Search vendor "Php" for product "Php" and version "5.3.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.9 Search vendor "Php" for product "Php" and version "5.3.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.3.10 Search vendor "Php" for product "Php" and version "5.3.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.1 Search vendor "Php" for product "Php" and version "5.4.1" | - |
Affected
| ||||||