Hillstone Networks

Attack (Attack ID：302025)

Release Date：05/09/2012

Attack Name：PHP CGI Argument Injection vulnerability

Severity：

BUG ID：

CVE ID：

Description：

Impact:

PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files.

When PHP is used in a CGI-based setup(such as Apache's mod_cgid), the php-cgi receives a processed query string parameter as command line arguments which allows command-line switches, such as -s, -d or -c to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.

Affected Systems:

PHP < 5.4.2

PHP < 5.3.12

Additional References:
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

Solution：

PHP 5.4.2 and 5.3.12 fixed this vulnerability :
http://www.php.net/archive/2012.php#id2012-05-03-1