Description

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Remediation

References

CVE-2012-2335

Related Vulnerabilities

WordPress Plugin Contact Form-Form builder with drag & drop for WordPress by Kali Forms Security Bypass (2.1.1)

WordPress Plugin WP-Polls SQL Injection (2.71)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4865)

Oracle JRE CVE-2020-2756 Vulnerability (CVE-2020-2756)

WordPress Plugin WP-Cal 'id' Parameter SQL Injection (0.3)

Severity

High

Classification

CVE-2012-2335 CWE-264

Tags

Missing Update Known Vulnerabilities