Remote Code Execution - CVE-2012-1823
- Risk: High
- Type: Active
- CWE: CWE-20
- Summary
Some PHP versions, when configured to run as a CGI binary, do not correctly handle query strings that lack an unescaped “=” character: such a query string is passed to the PHP interpreter as command-line arguments, which can lead to arbitrary code execution. In this case, the scan caused an operating system command to execute on the web server, and the command output was returned in the HTTP response to the web browser.
- Solution
Upgrade to the latest stable version of PHP. If upgrading immediately is not possible, use the Apache web server with the mod_rewrite module to filter out malicious requests using the "RewriteCond" and "RewriteRule" directives before they reach the PHP CGI binary.
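The following Apache configuration is an added example of the mod_rewrite workaround described above; it is not part of this page. It assumes the site runs PHP through a CGI handler and that `mod_rewrite` is loaded. The condition matches the request pattern the summary describes (a query string with no "=" that would be interpreted as interpreter options, i.e. one that begins with a dash or its URL-encoded form %2d), and the rule strips the query string so the request is served without passing any arguments to the interpreter.

```apache
# Added example: mitigation for the PHP CGI query-string handling issue (CVE-2012-1823).
# Place in the relevant <VirtualHost> or in an .htaccess file where AllowOverride permits it.
RewriteEngine On

# Match only query strings that contain no "=" and start with "-" or its encoded form "%2d".
# Such a query string is exactly what php-cgi would misinterpret as command-line options.
# [NC] makes the match case-insensitive so "%2D" is caught as well as "%2d".
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]

# Rewrite the request to the same path with an empty query string ("$1?"),
# so the script runs but the interpreter receives no arguments. [L] stops further rule processing.
RewriteRule ^(.*) $1? [L]
```

Legitimate requests always carry a key=value pair (for example `?page=2`) and therefore do not match the condition, so ordinary application traffic is unaffected. To verify the rule is active, request a page with a query string such as `?-foo` and confirm that the application behaves as if no query string had been supplied; the Apache `RewriteLog`/`LogLevel rewrite:trace` output shows the condition being evaluated. Treat this as a stopgap only: the permanent fix is the PHP upgrade.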