PHP-CGI-based Setups Vulnerability When Parsing Query String Parameters From Php Files. Network Vulnerability

Summary

When PHP is used in a CGI-based setup (such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution. An example of the -s command, allowing an attacker to view the source code of index.php is below: http://localhost/index.php?-s

References

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://www.kb.cert.org/vuls/id/520827
http://www.php.net/manual/en/security.cgi-bin.php
https://bugs.php.net/bug.php?id=61910

Updated on 2017-03-28

Severity

Classification

CVE CVE-2012-1823, CVE-2012-2311, CVE-2012-2335, CVE-2012-2336

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

artmedic_links5 File Inclusion Vulnerability
Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
AjaXplorer zoho plugin Directory Traversal Vulnerability

PHP-CGI-based setups vulnerability when parsing query string parameters from php files.

Take action and discover your vulnerabilities