CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability
Project:PHP
Product:PHP
Date Added:2022-03-25Due Date:2022-04-15
Vulnerability Name
PHP-CGI Query String Parameter Vulnerability
Description
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-1823
Related News Articles
Hackers use PHP exploit to backdoor Windows systems with new malwareAugust 21, 2024
PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)June 13, 2024
PHP fixes critical RCE flaw impacting all versions for WindowsJune 7, 2024