This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote Amazon Linux AMI host is missing a security update.
A flaw was found in the way the php-cgi executable processed command
line arguments when running in CGI mode. A remote attacker could send
a specially crafted request to a PHP script that would result in the
query string being parsed by php-cgi as command line options and
arguments. This could lead to the disclosure of the script's source
code or arbitrary code execution with the privileges of the PHP
PHP before 5.3.10 does not properly perform a temporary change to the
magic_quotes_gpc directive during the importing of environment
variables, which makes it easier for remote attackers to conduct SQL
injection attacks via a crafted request, related to
main/php_variables.c, sapi/cgi/cgi_main.c, and
Scripts using PHP 5.3 that accept multiple file uploads in a single
request are potentially vulnerable to a directory traversal attack.
See also :
Run 'yum update php*' to upgrade your system.
Risk factor :
High / CVSS Base Score : 7.5
Public Exploit Available : true