Description
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
Remediation
References
Related Vulnerabilities
WordPress Plugin Post Views Counter Cross-Site Scripting (1.3.4)
e107 Other Vulnerability (CVE-2004-2039)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5341)
phpMyAdmin Cryptographic Issues Vulnerability (CVE-2015-3903)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-6414)