Description

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Remediation

References

CVE-2012-2311

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)

Oracle JRE CVE-2019-2977 Vulnerability (CVE-2019-2977)

XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-32971)

Oracle Database Server CVE-2008-1814 Vulnerability (CVE-2008-1814)

WordPress Plugin Memphis Documents Library Cross-Site Request Forgery (3.9.20)

Severity

High

Classification

CVE-2012-2311 CWE-138

Tags

Missing Update Known Vulnerabilities