Description
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
Remediation
References
Related Vulnerabilities
WordPress Plugin ApplyOnline-Application Form Builder and Manager Arbitrary File Disclosure (1.9.92)
WordPress Plugin Connections Business Directory Cross-Site Scripting (8.5.8)
WordPress Plugin WP e-Commerce Predictive Search Cross-Site Scripting (1.1.1)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-35029)