Lucene search
GoogleOSV:DSA-2465-1HistoryMay 09, 2012 - 12:00 a.m.
php5 - several
2012-05-0900:00:00
Google
osv.dev
29
0.973 High
EPSS
Percentile
99.9%
De Eindbazen discovered that PHP, when run with mod_cgi, will
interpret a query string as command line parameters, allowing to
execute arbitrary code.
Additionally, this update fixes insufficient validation of upload
name which lead to corrupted $_FILES indices.
For the stable distribution (squeeze), this problem has been fixed in
version 5.3.3-7+squeeze9.
The testing distribution (wheezy) will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 5.4.3-1.
We recommend that you upgrade your php5 packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php5 | eq | 5.3.3-7 | |
| php5 | eq | 5.3.3-7+squeeze2 | |
| php5 | eq | 5.3.3-7+squeeze3 | |
| php5 | eq | 5.3.3-7+squeeze1 | |
| php5 | eq | 5.3.3-7+squeeze6 | |
| php5 | eq | 5.3.3-7+squeeze8 | |
| php5 | eq | 5.3.3-7+squeeze5 | |
| php5 | eq | 5.3.3-7+squeeze7 |
References
Related
suse
suse
Security update for PHP5 (critical)
2012-05-09 22:08:16
Security update for PHP5 (critical)
2012-05-09 06:08:17
Security update for PHP5 (critical)
2012-05-09 02:08:18
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0598-2)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2012:0604-1)
2021-06-09 00:00:00
Debian Security Advisory DSA 2465-1 (php5)
2012-05-31 00:00:00
nessus
nessus
SuSE 10 Security Update : PHP5 (ZYPP Patch Number 8114)
2012-05-09 00:00:00
SuSE 11.1 Security Update : PHP5 (SAT Patch Number 6252)
2013-01-25 00:00:00
SuSE 11.2 Security Update : PHP5 (SAT Patch Number 6251)
2013-01-25 00:00:00
debian
debian
[SECURITY] [DSA 2465-1] php5 security update
2012-05-09 17:23:53
fedora
fedora
[SECURITY] Fedora 16 Update: maniadrive-1.2-32.fc16.5
2012-05-27 01:52:21
[SECURITY] Fedora 15 Update: maniadrive-1.2-32.fc15.5
2012-05-27 07:21:55
[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.5
2012-05-27 07:21:55
cert
cert
PHP-CGI query string parameter vulnerability
2012-05-03 00:00:00
Parallels Plesk Panel phppath/php vulnerability
2013-06-07 00:00:00
ubuntucve
ubuntucve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2012-05-11 10:15:00
Design/Logic Flaw
2012-05-11 10:15:00
Directory traversal
2012-05-24 00:55:00
cve
cve
ubuntu
ubuntu
PHP vulnerability
2012-05-04 00:00:00
nvd
nvd
freebsd
freebsd
php -- multiple vulnerabilities
2012-05-08 00:00:00
php -- vulnerability in certain CGI-based setups
2012-05-03 00:00:00
exploitdb
exploitdb
threatpost
threatpost
PHP Group Releases New Versions, But Patch Doesn't Fix CVE-2012-1823 Bug
2012-05-04 14:26:46
Another Set of PHP Releases Pushed Out to Fix CVE-2012-1823 Flaw
2012-05-09 14:32:23
FEMA: State, Local Officials Not Prepared to Respond to Cyberattack
2012-05-04 15:25:34
securityvulns
securityvulns
PHP multiple security vulnerabilities
2012-05-24 00:00:00
PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
2012-05-24 00:00:00
checkpoint_advisories
checkpoint_advisories
centos
centos
php security update
2012-05-07 21:09:19
php53 security update
2012-05-07 23:01:16
php security update
2012-06-27 20:21:47
symantec
symantec
PHP 'php-cgi' Information Disclosure Vulnerability
2012-05-04 00:00:00
amazon
amazon
Critical: php
2012-05-09 14:54:00
saint
saint
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
PHP CGI Query String Parameters Command Execution
2012-05-15 00:00:00
thn
thn
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability
2013-11-30 09:08:00
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability
2013-11-30 20:08:00
Linux Worm targets Internet-enabled Home appliances to Mine Cryptocurrencies
2014-03-19 22:26:00
oraclelinux
oraclelinux
php security update
2012-05-07 00:00:00
php53 security update
2012-05-07 00:00:00
seebug
seebug
Plesk < 9.5.4 - Zeroday Remote Exploit
2014-07-01 00:00:00
Apache / PHP 5.x - cgi-bin Remote Code Execution Exploit
2014-07-01 00:00:00
PHP CGI Argument Injection
2014-07-01 00:00:00
packetstorm
packetstorm
PHP CGI Argument Injection
2012-05-06 00:00:00
PHP-CGI Argument Injection Remote Code Execution
2012-12-24 00:00:00
PHP CGI Argument Injection
2012-05-22 00:00:00
redhat
redhat
(RHSA-2012:0568) Critical: php security update
2012-05-10 00:00:00
(RHSA-2012:0569) Critical: php53 security update
2012-05-10 00:00:00
(RHSA-2012:0547) Critical: php53 security update
2012-05-07 00:00:00
exploitpack
exploitpack
PHP 5.3.12 5.4.2 - CGI Argument Injection
2012-05-05 00:00:00
Apache + PHP 5.3.12 5.4.2 - cgi-bin Remote Code Execution
2013-10-29 00:00:00
Plesk 9.5.4 - Remote Command Execution
2013-06-05 00:00:00
metasploit
metasploit
PHP CGI Argument Injection
2012-05-09 16:01:15
f5
f5
SOL14574 - PHP vulnerability CVE-2012-1172
2013-08-07 00:00:00
K14574 : PHP vulnerability CVE-2012-1172
2013-08-07 00:00:00
cisa_kev
cisa_kev
PHP-CGI Query String Parameter Vulnerability
2022-03-25 00:00:00
attackerkb
attackerkb
CVE-2012-1823
2012-05-11 00:00:00
canvas
canvas
Immunity Canvas: PHP_CGI_REMOTE
2012-05-11 10:15:00
nuclei
nuclei
PHP CGI v5.3.12/5.4.2 Remote Code Execution
2021-07-20 09:32:27
veracode
veracode
Arbitrary Code Execution
2019-01-15 08:51:10
Arbitrary Code Execution
2019-05-02 04:42:12
Denial Of Service (DoS)
2019-05-02 04:42:12
zdt
zdt
Apache Magicka Remote Code Execution Vulnerability
2013-10-31 00:00:00