Vulnerability in N/a
CVE-2012-1823
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitra…
EPSS: 0.944 (100.0th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply updates per vendor instructions.
Public proof-of-concept exploits
- 0xl0k1/CVE-2012-1823
- Unix13/metasploitable2
- tardummy01/oscp_scripts-1
- hackherMind-Pixel/Vulnerable-Lab-Exploitation
- Dmitri131313/CVE-2012-1823-exploit-for-https-user-password-web
- cyberharsh/PHP_CVE-2012-1823
- drone789/CVE-2012-1823
- tryj/CVE-2012-1823---PHP-CGI---RCE
- waburig/Open-Worldwide-Application-Security-Project-OWASP-
- nulltrace1336/PHP-CGI-Argument-Injection-Exploit
References
- SSRT100856 (vendor-advisory)
- SUSE-SU-2012:0604 (vendor-advisory)
- 1027022 (vdb-entry)
- HPSBMU02786 (vendor-advisory)
- MDVSA-2012:068 (vendor-advisory)
- openSUSE-SU-2012:0590 (vendor-advisory)
- RHSA-2012:0546 (vendor-advisory)
- RHSA-2012:0568 (vendor-advisory)
- RHSA-2012:0569 (vendor-advisory)
- www.php.net/ChangeLog-5.php
Frequently asked questions
- What is CVE-2012-1823?
- CVE-2012-1823 is a vulnerability in N/a. Published 2012-05-11.
- Is CVE-2012-1823 known to be exploited?
- Yes. CVE-2012-1823 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2022-03-25), indicating it is being actively exploited. 84 public proof-of-concept repositories are indexed.