Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
Remediation
References
Related Vulnerabilities
silverstripeCMS Other Vulnerability (CVE-2007-2321)
Oracle JRE Improper Access Control Vulnerability (CVE-2025-50059)
WordPress Plugin FPW Category Thumbnails Multiple Unspecified Vulnerabilities (1.6.7)
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3195)
WordPress Plugin iQ Block Country Cross-Site Scripting (1.1.19)