sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
http://www.kb.cert.org/vuls/id/673343
http://www.debian.org/security/2012/dsa-2465
http://support.apple.com/kb/HT5501
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://rhn.redhat.com/errata/RHSA-2012-0569.html
http://rhn.redhat.com/errata/RHSA-2012-0568.html
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://rhn.redhat.com/errata/RHSA-2012-0546.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Published: 2012-05-11
Updated: 2025-11-04
Known Exploited Vulnerability (KEV)
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
EPSS: 0.94386
Tenable Research has classified this CVE under the following Vulnerability Watch classification, which includes active and historical (inactive) classifications.
Vulnerability of Interest