Russian Vulnerability Scanner Database

Back to List

CVE-2012-1823

Scores

EPSS

0.944high94.4%
0%20%40%60%80%100%

Percentile: 94.4%

CVSS

9.8critical3.x
0246810

CVSS Score: 9.8/10

All CVSS Scores

CVSS 3.x
9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ’d’ case.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-77

Related Vulnerabilities

BDU:2021-04416

Exploits

Exploit ID: 18834

Source: exploitdb

URL: https://www.exploit-db.com/exploits/18834

Exploit ID: 18836

Source: exploitdb

URL: https://www.exploit-db.com/exploits/18836

Exploit ID: 29290

Source: exploitdb

URL: https://www.exploit-db.com/exploits/29290

Exploit ID: 29316

Source: exploitdb

URL: https://www.exploit-db.com/exploits/29316

Exploit ID: CVE-2012-1823

Source: github-poc

URL: https://github.com/tryj/CVE-2012-1823---PHP-CGI---RCE

Recommendations

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2012-0570.html

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2012-0569.html

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2012-0568.html

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2012-0547.html

Source: nvd

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.
This update is available via the Red Hat Network. Details on how touse the Red Hat Network to apply this update are available athttps://access.redhat.com/knowledge/articles/11258

URL: http://rhn.redhat.com/errata/RHSA-2012-0546.html

Vulnerable Software (27)

Type: Configuration

Product: php

Operating System: rhel 5

Trait: 
{  "fixed": "5.1.6-34.el5_8"}

Source: redhat

Type: Configuration

Product: php

Operating System: rhel 5.3

Trait: 
{  "fixed": "5.1.6-23.3.el5_3"}

Source: redhat

Type: Configuration

Product: php

Operating System: rhel 5.6

Trait: 
{  "fixed": "5.1.6-27.el5_6.4"}

Source: redhat

Type: Configuration

Product: php

Operating System: rhel 6

Trait: 
{  "fixed": "5.3.3-3.el6_2.8"}

Source: redhat

Type: Configuration

Product: php

Operating System: rhel 6.0

Trait: 
{  "fixed": "5.3.2-6.el6_0.2"}

Source: redhat

Type: Configuration

Product: php

Operating System: rhel 6.1

Trait: 
{  "fixed": "5.3.3-3.el6_1.4"}

Source: redhat

Type: Configuration

Product: php5

Operating System: ubuntu hardy 8.04

Trait: 
{  "fixed": "5.2.4-2ubuntu5.24"}

Source: ubuntu

Type: Configuration

Product: php5

Operating System: debian

Trait: 
{  "fixed": "5.4.3-1"}

Source: debian

Type: Configuration

Product: php53

Operating System: rhel 5

Trait: 
{  "fixed": "5.3.3-7.el5_8"}

Source: redhat

Type: Configuration

Product: php53

Operating System: rhel 5.6

Trait: 
{  "fixed": "5.3.3-1.el5_6.2"}

Source: redhat

Type: Configuration

Vendor: *

Product: application_stack

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_desktop

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_eus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_server_aus

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: enterprise_linux_workstation

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: gluster_storage_server_for_on-premise

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:redhat:gluster_storage_server_for_...

Source: nvd

Type: Configuration

Vendor: *

Product: hp-ux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",      "vulner...

Source: nvd