CVE-2012-1823 Design/Logic Flaw

Immediate
Remediate Within 48 Hours

CVE Information

Original CVE data

Published:
Updated:

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CWE: CWE-20
CVSS v2: 7.5
AV:N/AC:L/AU:N/C:P/I:P/A:P
CVSS v3: -
References
https://bugs.php.net/bug.php?id=61910
http://www.php.net/ChangeLog-5.php
http://www.php.net/archive/2012.php
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
http://www.kb.cert.org/vuls/id/520827
http://rhn.redhat.com/errata/RHSA-2012-0568.html
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://rhn.redhat.com/errata/RHSA-2012-0546.html
http://secunia.com/advisories/49014
http://secunia.com/advisories/49087
http://secunia.com/advisories/49065
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://support.apple.com/kb/HT5501
http://www.securitytracker.com/id?1027022
http://secunia.com/advisories/49085
http://www.kb.cert.org/vuls/id/673343
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://rhn.redhat.com/errata/RHSA-2012-0569.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://www.debian.org/security/2012/dsa-2465
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://www.openwall.com/lists/oss-security/2024/06/07/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/
Affected Vendors

Php - (1)

Basic Analysis

Common vulnerability metrics

Vulnerability type as detected by PRIOnengine

Design/Logic Flaw

CVSS Scores as calculated by PRIOnengine
CVSS v2: 7.5
AV:N/AC:L/AU:N/C:P/I:P/A:P
CVSS v3: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MITRE CWE Top 25

The vulnerability's weakness type is in the top 25 CWEs according to MITRE.

Exploits

Exploits are available through exploit packs, GitHub repos or the world wide web in general.

Active Exploitation

The vulnerability is referenced in CISA's Known Exploited Vulnerabilities (KEV) catalog.

Social Network Activity

-

Threat Actor Activity

No sightings of the vulnerability within threat reports.

Cybersecurity Frameworks

How the vulnerability maps against various cybersecurity frameworks

T1499.004 - Endpoint Denial of Service (Application or System Exploitation)
T1203 - Exploitation for Client Execution
T1059 - Command and Scripting Interpreter

Compliance Impact

How the submitted vulnerability affects compliance

-

Web Application Security Frameworks

Applicable if the issue likely affects a web application

WASC-6 - Format String