CVE-2012-1823

Confirmed PUBLISHED

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query...

PHP · PHP
Exploited in the wild PoC available

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
9.8 Critical

At a Glance

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

metasploit php cisa nuclei_scanner
CVE Published
May 11, 2012
Exploitation Reported
Mar 25, 2022
CVSS
9.8 Critical
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • SSRT100856 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=134012830914727&w=2
  • SUSE-SU-2012:0604 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011...
  • HPSBMU02786 h20000.www2.hp.com · Vendor Advisory http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectI...
  • MDVSA-2012:068 mandriva.com · Vendor Advisory http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
  • openSUSE-SU-2012:0590 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002...
Show 24 more references
  • RHSA-2012:0546 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2012-0546.html
  • RHSA-2012:0568 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2012-0568.html
  • RHSA-2012:0569 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2012-0569.html
  • RHSA-2012:0570 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2012-0570.html
  • SUSE-SU-2012:0598 lists.opensuse.org · Vendor Advisory http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007...
  • RHSA-2012:0547 rhn.redhat.com · Vendor Advisory http://rhn.redhat.com/errata/RHSA-2012-0547.html
  • APPLE-SA-2012-09-19-2 lists.apple.com · Vendor Advisory http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
  • DSA-2465 debian.org · Vendor Advisory http://www.debian.org/security/2012/dsa-2465
  • FEDORA-2024-49aba7b305 lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce%40list...
  • FEDORA-2024-52c23ef1ec lists.fedoraproject.org · Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce%40list...
  • 49014 secunia.com · Third-Party Advisory http://secunia.com/advisories/49014
  • VU#673343 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/673343
  • 49065 secunia.com · Third-Party Advisory http://secunia.com/advisories/49065
  • VU#520827 kb.cert.org · Third-Party Advisory http://www.kb.cert.org/vuls/id/520827
  • 49085 secunia.com · Third-Party Advisory http://secunia.com/advisories/49085
  • 49087 secunia.com · Third-Party Advisory http://secunia.com/advisories/49087
  • 1027022 securitytracker.com · VDB Entry http://www.securitytracker.com/id?1027022
  • [oss-security] 20240606 PHP security releases 8.3.8, 8.2.20, and 8.1.29 openwall.com · Mailing List http://www.openwall.com/lists/oss-security/2024/06/07/1
  • php.net/ChangeLog-5.php php.net · CVE Record http://www.php.net/ChangeLog-5.php#5.4.2
  • bugs.php.net/bug.php bugs.php.net · CVE Record https://bugs.php.net/bug.php?id=61910
  • support.apple.com/kb/HT5501 support.apple.com · CVE Record http://support.apple.com/kb/HT5501
  • eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823 eindbazen.net · CVE Record http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
  • bugs.php.net/patch-display.php bugs.php.net · CVE Record https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&re...
  • php.net/archive/2012.php php.net · CVE Record http://www.php.net/archive/2012.php#id2012-05-03-1

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.