Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
Remediation
References
Related Vulnerabilities
WordPress Plugin Product Limited Time Availability Date for woocommerce Cross-Site Scripting (1.0.1)
PHP Other Vulnerability (CVE-2007-1379)
Drupal Improper Access Control Vulnerability (CVE-2015-2559)
WordPress Plugin Rate my Post-WP Rating System Cross-Site Scripting (3.3.8)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5473)