CVE-2012-1823 Scanner
CVE-2012-1823 scanner - Code Injection vulnerability in PHP
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 2 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
PHP is a popular scripting language used for creating dynamic web pages and web applications. PHP is often used in conjunction with a web server like Apache or Nginx and can be configured in various ways to serve different purposes. PHP can be used as a command-line interface (CLI) or can be configured as a CGI script (php-cgi).
One of the vulnerabilities detected in PHP 5.3.12 and 5.4.x before 5.4.2 when configured as a CGI script is CVE-2012-1823. The flaw lies in how the sapi/cgi/cgi_main.c file handles query strings: a query string that lacks an equals sign (=) character is not properly handled, which allows remote attackers to execute arbitrary code by placing command-line options in the query string. It is related to the lack of skipping a certain php_getopt for the 'd' case.
Exploiting this vulnerability can lead to arbitrary remote code execution or information disclosure. An attacker sends specially crafted requests to the targeted PHP scripts, and the injected code executes with the privileges of the web server. The attacker can then gain access to sensitive data, modify files, or even take control of the entire system.
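As an added example (not part of the original page or the scanner's own code), the following Python code flags access-log requests whose query string has no unencoded equals sign and begins with an option dash, which is the request shape described above. The log lines and the EXAMPLE_OPTION token are constructed, and the splitting on '+' follows the CGI command-line convention in RFC 3875.

```python
import re
from urllib.parse import unquote

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, placeholder option name).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2012:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/May/2012:10:00:02 +0000] "GET /index.php?-d+EXAMPLE_OPTION HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/May/2012:10:00:03 +0000] "GET /index.php?%2Dd+EXAMPLE_OPTION HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/May/2012:10:00:04 +0000] "GET /search.php?php+tutorial HTTP/1.1" 200 900',
]

def cgi_args_from_query(raw_query):
    """Arguments a CGI handler would derive from the query; [] for form data."""
    if not raw_query or "=" in raw_query:
        return []  # an unencoded '=' means ordinary key=value parameters
    # RFC 3875 section 4.4: split on '+', then URL-decode each part.
    return [unquote(part) for part in raw_query.split("+") if part]

def is_suspicious(target):
    """True if the query string would be read as command-line options."""
    _, _, raw_query = target.partition("?")
    args = cgi_args_from_query(raw_query)
    # Conservative choice: ignore leading whitespace before the dash.
    return bool(args) and args[0].lstrip().startswith("-")

def scan(lines):
    """Return the request targets in the log lines that match the pattern."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_suspicious(m.group("target")):
            hits.append(m.group("target"))
    return hits

if __name__ == "__main__":
    for target in scan(SAMPLE_LOG):
        print("possible CVE-2012-1823 probe:", target)
```

A hit only shows that a request matched the pattern; whether the host was affected depends on the PHP version and on PHP running as php-cgi.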
Thanks to the pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. By signing up for S4E's services, users can receive alerts when new vulnerabilities are detected, gain access to vulnerability management tools, and receive actionable insights on how to protect their digital assets. Stay ahead of the game with S4E.