Finding #9 — CVE-2012-1823
| Inventory item | php-test 8.3.31 (software, php) |
|---|---|
| Title | PHP Group PHP: PHP-CGI OS Command Injection Vulnerability |
| Match | keyword / confidence low |
| Status | new |
| First seen | 2026-06-11T07:35:11Z |
| Last updated | 2026-06-11T07:35:11Z |
| CVE | CVE-2012-1823 KEV since 2022-03-25 |
| CVSS | 9.8 (CRITICAL)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Description | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. |
| Source advisory | PHP Group PHP: PHP-CGI OS Command Injection Vulnerability PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823. |
| References | http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/ http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://rhn.redhat.com/errata/RHSA-2012-0546.html http://rhn.redhat.com/errata/RHSA-2012-0547.html http://rhn.redhat.com/errata/RHSA-2012-0568.html http://rhn.redhat.com/errata/RHSA-2012-0569.html http://rhn.redhat.com/errata/RHSA-2012-0570.html http://secunia.com/advisories/49014 http://secunia.com/advisories/49065 http://secunia.com/advisories/49085 |