7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.937 High
EPSS
Percentile
99.1%
php-wrapper.fcgi does not properly handle command-line arguments, which
allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and
5.4.2 and execute arbitrary code by leveraging improper interaction between
the PHP sapi/cgi/cgi_main.c component and a query string beginning with a
± sequence.
Author | Note |
---|---|
sbeattie | we gave a bit of advice in CVE-2012-2311 about this issue |
mdeslaur | this is a further mitigation |