// For flags

CVE-2012-1823

PHP-CGI Query String Parameter Vulnerability

Severity Score

7.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

11
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

sapi/cgi/cgi_main.c en PHP antes de v5.3.12 y v5.4.x antes de v5.4.2, cuando se configura como un script CGI (también conocido como php-cgi), no maneja correctamente las cadenas de consulta que carecen de un carácter = (signo igual), lo que permite a atacantes remotos ejecutar código arbitrario mediante la colocación de línea de comandos en la cadena de consulta, relacionado con el fallo de saltarse cierto php_getopt para el caso de la 'd'.

sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2012-03-21 CVE Reserved
  • 2012-05-03 First Exploit
  • 2012-05-06 CVE Published
  • 2022-03-25 Exploited in Wild
  • 2022-04-15 KEV Due Date
  • 2024-07-24 EPSS Updated
  • 2024-08-06 CVE Updated
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (40)
URL Tag Source
http://secunia.com/advisories/49014 Third Party Advisory
http://secunia.com/advisories/49065 Third Party Advisory
http://secunia.com/advisories/49085 Third Party Advisory
http://secunia.com/advisories/49087 Third Party Advisory
http://support.apple.com/kb/HT5501
http://www.kb.cert.org/vuls/id/673343 Third Party Advisory
http://www.openwall.com/lists/oss-security/2024/06/07/1 Mailing List
http://www.php.net/archive/2012.php#id2012-05-03-1
http://www.securitytracker.com/id?1027022 Vdb Entry
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
http://web.archive.org/web/20120503154724/http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823
http://kb.parallels.com/en/116241
URL Date SRC
https://www.exploit-db.com/exploits/29290 2013-10-29
https://www.exploit-db.com/exploits/29316 2013-10-31
https://www.exploit-db.com/exploits/18836 2012-05-05
https://www.exploit-db.com/exploits/18834 2012-05-04
https://github.com/0xl0k1/CVE-2012-1823 2023-08-24
https://github.com/drone789/CVE-2012-1823 2015-09-08
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 2024-08-06
http://www.kb.cert.org/vuls/id/520827 2024-08-06
http://www.php.net/ChangeLog-5.php#5.4.2 2024-08-06
https://bugs.php.net/bug.php?id=61910 2024-08-06
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/multi/http/php_cgi_arg_injection.rb 2012-05-03
URL Date SRC
URL Date SRC
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 2024-06-13
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html 2024-06-13
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html 2024-06-13
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html 2024-06-13
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html 2024-06-13
http://marc.info/?l=bugtraq&m=134012830914727&w=2 2024-06-13
http://rhn.redhat.com/errata/RHSA-2012-0546.html 2024-06-13
http://rhn.redhat.com/errata/RHSA-2012-0547.html 2024-06-13
http://rhn.redhat.com/errata/RHSA-2012-0568.html 2024-06-13
http://rhn.redhat.com/errata/RHSA-2012-0569.html 2024-06-13
http://rhn.redhat.com/errata/RHSA-2012-0570.html 2024-06-13
http://www.debian.org/security/2012/dsa-2465 2024-06-13
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068 2024-06-13
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B 2024-06-13
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK 2024-06-13
https://access.redhat.com/security/cve/CVE-2012-1823 2012-05-11
https://bugzilla.redhat.com/show_bug.cgi?id=818607 2012-05-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 <= 5.3.11
Search vendor "Php" for product "Php" and version " <= 5.3.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
beta1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
beta2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
beta3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
beta4
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
rc1
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
rc2
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.0
Search vendor "Php" for product "Php" and version "5.0.0"
rc3
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.1
Search vendor "Php" for product "Php" and version "5.0.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.2
Search vendor "Php" for product "Php" and version "5.0.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.3
Search vendor "Php" for product "Php" and version "5.0.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.4
Search vendor "Php" for product "Php" and version "5.0.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.0.5
Search vendor "Php" for product "Php" and version "5.0.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.0
Search vendor "Php" for product "Php" and version "5.1.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.1
Search vendor "Php" for product "Php" and version "5.1.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.2
Search vendor "Php" for product "Php" and version "5.1.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.3
Search vendor "Php" for product "Php" and version "5.1.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.4
Search vendor "Php" for product "Php" and version "5.1.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.5
Search vendor "Php" for product "Php" and version "5.1.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.1.6
Search vendor "Php" for product "Php" and version "5.1.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.0
Search vendor "Php" for product "Php" and version "5.2.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.1
Search vendor "Php" for product "Php" and version "5.2.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.2
Search vendor "Php" for product "Php" and version "5.2.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.3
Search vendor "Php" for product "Php" and version "5.2.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.4
Search vendor "Php" for product "Php" and version "5.2.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.5
Search vendor "Php" for product "Php" and version "5.2.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.6
Search vendor "Php" for product "Php" and version "5.2.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.7
Search vendor "Php" for product "Php" and version "5.2.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.8
Search vendor "Php" for product "Php" and version "5.2.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.9
Search vendor "Php" for product "Php" and version "5.2.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.10
Search vendor "Php" for product "Php" and version "5.2.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.11
Search vendor "Php" for product "Php" and version "5.2.11"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.12
Search vendor "Php" for product "Php" and version "5.2.12"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.13
Search vendor "Php" for product "Php" and version "5.2.13"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.14
Search vendor "Php" for product "Php" and version "5.2.14"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.15
Search vendor "Php" for product "Php" and version "5.2.15"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.16
Search vendor "Php" for product "Php" and version "5.2.16"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.2.17
Search vendor "Php" for product "Php" and version "5.2.17"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.0
Search vendor "Php" for product "Php" and version "5.3.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.1
Search vendor "Php" for product "Php" and version "5.3.1"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.2
Search vendor "Php" for product "Php" and version "5.3.2"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.3
Search vendor "Php" for product "Php" and version "5.3.3"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.4
Search vendor "Php" for product "Php" and version "5.3.4"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.5
Search vendor "Php" for product "Php" and version "5.3.5"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.6
Search vendor "Php" for product "Php" and version "5.3.6"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.7
Search vendor "Php" for product "Php" and version "5.3.7"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.8
Search vendor "Php" for product "Php" and version "5.3.8"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.9
Search vendor "Php" for product "Php" and version "5.3.9"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.3.10
Search vendor "Php" for product "Php" and version "5.3.10"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.0
Search vendor "Php" for product "Php" and version "5.4.0"
-
Affected
Php
Search vendor "Php"
 Php
Search vendor "Php" for product "Php"
 5.4.1
Search vendor "Php" for product "Php" and version "5.4.1"
-
Affected