Description
PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for php.exe with a filename in the query string.
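A configuration check for the setup described above, as an added example that is not part of the original entry: it scans Apache configuration text for `ScriptAlias` directives whose target is the PHP install directory, or a parent of it, which makes `php.exe` requestable in the same way. The function name, the `php_dir` default and the sample configuration are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Matches: ScriptAlias /url-prefix/ "filesystem/target/"  (quotes optional).
# ScriptAliasMatch is deliberately not matched; its target is a regex template.
SCRIPTALIAS_RE = re.compile(
    r'^\s*ScriptAlias\s+(\S+)\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

# Constructed httpd.conf fragment used as sample input.
SAMPLE_CONF = '''\
# constructed sample, not taken from a real server
ScriptAlias /cgi-bin/ "C:/Apache/cgi-bin/"
ScriptAlias /php/ "c:/php/"
# ScriptAlias /old/ "c:/php/"
scriptalias /tools/ C:\\PHP
'''


def find_exposed_php_aliases(conf_text, php_dir="c:/php/"):
    """Return (line_no, url_prefix, target) for each ScriptAlias whose
    target is the PHP install directory or one of its parents.

    PureWindowsPath compares case-insensitively and treats '/' and '\\'
    alike, which matches how Windows resolves the path.
    """
    php = PureWindowsPath(php_dir)
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out directive, not active
        match = SCRIPTALIAS_RE.match(line)
        if not match:
            continue
        target = match.group(2) or match.group(3)
        target_path = PureWindowsPath(target)
        if target_path == php or target_path in php.parents:
            findings.append((line_no, match.group(1), target))
    return findings


if __name__ == "__main__":
    for line_no, prefix, target in find_exposed_php_aliases(SAMPLE_CONF):
        print(f"line {line_no}: ScriptAlias {prefix} -> {target} exposes php.exe")
```
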
Remediation
References
Related Vulnerabilities
e107 Deserialization of Untrusted Data Vulnerability (CVE-2016-10753)
Jetty Improper Access Control Vulnerability (CVE-2016-4800)
PHP Numeric Errors Vulnerability (CVE-2007-4657)
GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3239)
Oracle Database Server CVE-2006-5345 Vulnerability (CVE-2006-5345)