Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2012-1823

UNKNOWN
Published 2012-05-11T10:00:00.000Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2012-1823. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.8
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.944
probability
of exploitation in the wild

There is a 94.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 1.000
Higher than 100.0% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

Available Exploits

PHP CGI v5.3.12/5.4.2 Remote Code Execution

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

ID: CVE-2012-1823
Author: pikpikcu High

References:

Related News

No news articles found for this CVE.

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Overdue

Due Date

April 15, 2022

Added to KEV

March 25, 2022

Required Action

Apply updates per vendor instructions.

Affected Product

Vendor/Project: PHP
Product: PHP

Ransomware Risk

Known Ransomware Use
KEV Catalog Version: 2025.01.24 Released: January 24, 2025

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-3p37-hv77-x3rp

Advisory Details

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2012-1823
WEB https://bugs.php.net/bug.php?id=61910
WEB https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B
WEB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK
WEB http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823
WEB http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
WEB http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
WEB http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
WEB http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
WEB http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
WEB http://marc.info/?l=bugtraq&m=134012830914727&w=2
WEB http://rhn.redhat.com/errata/RHSA-2012-0546.html
WEB http://rhn.redhat.com/errata/RHSA-2012-0547.html
WEB http://rhn.redhat.com/errata/RHSA-2012-0568.html
WEB http://rhn.redhat.com/errata/RHSA-2012-0569.html
WEB http://rhn.redhat.com/errata/RHSA-2012-0570.html
WEB http://secunia.com/advisories/49014
WEB http://secunia.com/advisories/49065
WEB http://secunia.com/advisories/49085
WEB http://secunia.com/advisories/49087
WEB http://support.apple.com/kb/HT5501
WEB http://www.debian.org/security/2012/dsa-2465
WEB http://www.kb.cert.org/vuls/id/520827
WEB http://www.kb.cert.org/vuls/id/673343
WEB http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
WEB http://www.openwall.com/lists/oss-security/2024/06/07/1
WEB http://www.php.net/ChangeLog-5.php#5.4.2
WEB http://www.php.net/archive/2012.php#id2012-05-03-1
WEB http://www.securitytracker.com/id?1027022

Advisory provided by GitHub Security Advisory Database. Published: May 14, 2022, Modified: July 16, 2024

References

http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://www.securitytracker.com/id?1027022
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://www.mandriva.com/security/advisories?name=MDVSA-2012:068
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://rhn.redhat.com/errata/RHSA-2012-0546.html
http://rhn.redhat.com/errata/RHSA-2012-0568.html
http://rhn.redhat.com/errata/RHSA-2012-0569.html
http://www.php.net/ChangeLog-5.php#5.4.2
http://secunia.com/advisories/49014
http://rhn.redhat.com/errata/RHSA-2012-0570.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
https://bugs.php.net/bug.php?id=61910
http://www.kb.cert.org/vuls/id/673343
http://rhn.redhat.com/errata/RHSA-2012-0547.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://support.apple.com/kb/HT5501
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://secunia.com/advisories/49065
http://www.kb.cert.org/vuls/id/520827
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://www.debian.org/security/2012/dsa-2465
http://secunia.com/advisories/49085
http://www.php.net/archive/2012.php#id2012-05-03-1
http://secunia.com/advisories/49087
http://www.openwall.com/lists/oss-security/2024/06/07/1
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/

HackerOne Reports

Incorrect Encoding Conversion in hostname results in indeterminate SSRF vulnerabilities Low
z3r0yu
curl
Type Confusion
View Report
Published: 2012-05-11T10:00:00.000Z
Last Modified: 2025-07-30T01:46:59.975Z
Copied to clipboard!