CVE-2012-1823

CVE Database · CVE-2012-1823

CVE-2012-1823

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

May 11, 2012

Modified

Apr 21, 2026

CISA Known Exploited Vulnerability

Added: 2022-03-25 · Due: 2022-04-15

Apply updates per vendor instructions.

Public PoC / Exploit (14)

All weaponized →

Exploit-DBApache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution Exploit-DBApache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution + Scanner Exploit-DBPHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit)Exploit-DBPHP < 5.3.12 / < 5.4.2 - CGI Argument Injection NucleiNuclei detection template TrickestTrickest PoC index GitHub PoC0xl0k1/CVE-2012-1823★11 GitHub PoCUnix13/metasploitable2★4 GitHub PoCtardummy01/oscp_scripts-1★3 GitHub PoCdrone789/CVE-2012-1823★1 GitHub PoCcyberharsh/PHP_CVE-2012-1823★1 GitHub PoCDmitri131313/CVE-2012-1823-exploit-for-https-user-password-web★1 GitHub PoChackherMind-Pixel/Vulnerable-Lab-Exploitation★1 GitHub PoCJimmy01240397/CVE-2012-1823-Analyze★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-77CWE-77

Affected Products (30)

php · php (up to 5.3.12)vulnerable

php · php (up to 5.4.2)vulnerable

fedoraproject · fedoravulnerable

debian · debian_linuxvulnerable

hp · hp-uxvulnerable

opensuse · opensusevulnerable

suse · linux_enterprise_servervulnerable