CVE-2012-1823

CVSS 9.8 CRITICALEPSS 100.0%● KEVCWE-77

Vexday Risk Score

100Fix now

SSVC decision (CISA)

Act

Exploitation + impact → act immediately

CVSS 9.8EPSS 100.0%KEV simPoC públicaNuclei simMetasploit simPatch referenciado

Lifecycle

03 May 2012Metasploit module available

04 May 2012Public PoC

11 May 2012Published on NVD

25 Mar 2022Active exploitation (CISA KEV)

Recommendation: Patch as soon as possible — active exploitation confirmed.

In short

PHP-CGI fails to properly parse query strings without an equals sign, allowing attackers to inject command-line options that execute arbitrary code on the server.

Technical detail

CVE-2012-1823 affects PHP configured as CGI when processing query strings lacking an '=' character. The vulnerability stems from improper handling of the 'd' case in php_getopt, enabling remote attackers to inject arbitrary command-line options via malformed query strings, leading to arbitrary code execution with the privileges of the web server process.

Summary generated and translated by AI from the official description.

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 15

githubgithub.com/0xl0k1/CVE-2012-1823★ 11 githubgithub.com/Unix13/metasploitable2★ 4 githubgithub.com/tardummy01/oscp_scripts-1★ 3 githubgithub.com/Dmitri131313/CVE-2012-1823-exploit-for-https-user-password-web★ 1 githubgithub.com/cyberharsh/PHP_CVE-2012-1823★ 1 githubgithub.com/hackherMind-Pixel/Vulnerable-Lab-Exploitation★ 1 githubgithub.com/drone789/CVE-2012-1823★ 1 githubgithub.com/nulltrace1336/PHP-CGI-Argument-Injection-Exploit★ 0 githubgithub.com/Jimmy01240397/CVE-2012-1823-Analyze★ 0 githubgithub.com/waburig/Open-Worldwide-Application-Security-Project-OWASP-★ 0 githubgithub.com/tryj/CVE-2012-1823---PHP-CGI---RCE★ 0 exploitdbwww.exploit-db.com/exploits/29290unverified exploitdbwww.exploit-db.com/exploits/29316unverified exploitdbwww.exploit-db.com/exploits/18834unverified exploitdbwww.exploit-db.com/exploits/18836unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html http://marc.info/?l=bugtraq&m=134012830914727&w=2 http://rhn.redhat.com/errata/RHSA-2012-0546.html http://rhn.redhat.com/errata/RHSA-2012-0547.html http://rhn.redhat.com/errata/RHSA-2012-0568.html http://rhn.redhat.com/errata/RHSA-2012-0569.html http://rhn.redhat.com/errata/RHSA-2012-0570.html