Apache PHP-CGI Remote Code Execution
High Nessus Plugin ID 70728
SynopsisThe remote web server contains a version of PHP that allows arbitrary code execution.
DescriptionThe PHP installation on the remote web server contains a flaw that could allow a remote attacker to pass command-line arguments as part of a query string to the PHP-CGI program. This could be abused to execute arbitrary code, reveal PHP source code, cause a system crash, etc.
SolutionUpgrade to PHP 5.3.13 / 5.4.3 or later.