PT-2012-1212 · Php+4 · Php+4

Nielsdos

Publicado

2011-12-05

Atualizado

2026-03-10

CVE-2012-1823

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHP versions prior to 5.3.12 PHP versions 5.4.x prior to 5.4.2

Description The issue arises from insufficient input validation in the sapi/cgi/cgi main.c component of the PHP interpreter. This allows remote attackers to execute arbitrary code by placing command-line options in the query string, specifically when the query string lacks an equals sign character. The vulnerability is related to the lack of skipping a certain php getopt for the 'd' case.

Recommendations For PHP versions prior to 5.3.12, update to version 5.3.12 or later. For PHP versions 5.4.x prior to 5.4.2, update to version 5.4.2 or later. As a temporary workaround, consider restricting access to the CGI script to minimize the risk of exploitation.

Exploit

Correção

RCE

SQL injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-20CWE-77

Identificadores relacionados

APACHEPHPCGI3DRCECHECK

APACHEPHPCGIRCECHECK

BDU:2021-04416

BDU:2022-02622

BDU:2022-02625

CESA-2012_0093

CESA-2012_0546

CESA-2012_1046

CVE-2012-1823

DSA-2465-1

ELSA-2012-0546

HPSBUX02791

OPENSUSE-SU-2012_0590-1

OPENSUSE-SU-2024:10290-1

OPENSUSE-SU-2024:10344-1

OPENSUSE-SU-2024:11169-1

RHSA-2011_1741

RHSA-2012:0546

RHSA-2012:0547

RHSA-2012:0568

RHSA-2012:0569

RHSA-2012:0570

RHSA-2012_0092

RHSA-2012_0093

RHSA-2012_0546

RHSA-2012_0547

RHSA-2012_0568

RHSA-2012_1045

RHSA-2012_1046

RHSA-2012_1047

Produtos afetados

Centos

Hp-Ux

Php

Red Hat

Suse

PT-2012-1212 · Php+4 · Php+4

CVE-2012-1823

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 204