Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
Remediation
References
Related Vulnerabilities
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
Oracle JRE CVE-2018-2579 Vulnerability (CVE-2018-2579)
Microsoft SQL Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2003-0230)
MySQL CVE-2019-2607 Vulnerability (CVE-2019-2607)
PleskWin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-24044)