{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/115246?format=json","vulnerability_id":"VCID-xwnh-ppcm-w3b8","summary":"php: command line arguments injection when run in CGI mode (VU#520827)","aliases":[{"alias":"CVE-2012-1823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/193140?format=json","purl":"pkg:ebuild/dev-lang/php@5.3.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/193141?format=json","purl":"pkg:ebuild/dev-lang/php@5.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.4.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/182852?format=json","purl":"pkg:rpm/redhat/php@5.1.6-23.3?arch=el5_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-23.3%3Farch=el5_3"},{"url":"http://public2.vulnerablecode.io/api/packages/182853?format=json","purl":"pkg:rpm/redhat/php@5.1.6-27.el5_6?arch=4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-27.el5_6%3Farch=4"},{"url":"http://public2.vulnerablecode.io/api/packages/182854?format=json","purl":"pkg:rpm/redhat/php@5.1.6-34?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-34%3Farch=el5_8"},{"url":"http://public2.vulnerablecode.io/api/packages/182850?format=json","purl":"pkg:rpm/redhat/php@5.3.2-6.el6_0?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.2-6.el6_0%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/182855?format=json","purl":"pkg:rpm/redhat/php@5.3.3-3.el6_1?arch=4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-3.el6_1%3Farch=4"},{"url":"http://public2.vulnerablecode.io/api/packages/182849?format=json","purl":"pkg:rpm/redhat/php@5.3.3-3.el6_2?arch=8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-3.el6_2%3Farch=8"},{"url":"http://public2.vulnerablecode.io/api/packages/182848?format=json","purl":"pkg:rpm/redhat/php53@5.3.3-1.el5_6?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-1.el5_6%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/182851?format=json","purl":"pkg:rpm/redhat/php53@5.3.3-7?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xwnh-ppcm-w3b8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-7%3Farch=el5_8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1823.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1823","reference_id":"","reference_type":"","scores":[{"value":"0.94363","scoring_system":"epss","scoring_elements":"0.99965","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1823"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=818607","reference_id":"818607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=818607"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18836.py","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18836.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29290.c","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29290.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29316.py","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29316.py"},{"reference_url":"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/","reference_id":"CVE-2012-2336;OSVDB-81633;CVE-2012-2311;CVE-2012-1823","reference_type":"exploit","scores":[],"url":"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18834.rb","reference_id":"CVE-2012-2336;OSVDB-81633;CVE-2012-2311;CVE-2012-1823","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18834.rb"},{"reference_url":"https://security.gentoo.org/glsa/201209-03","reference_id":"GLSA-201209-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0546","reference_id":"RHSA-2012:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0547","reference_id":"RHSA-2012:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0547"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0568","reference_id":"RHSA-2012:0568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0568"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0569","reference_id":"RHSA-2012:0569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0569"}],"weaknesses":[],"exploits":[{"date_added":null,"description":"When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to\n          an argument injection vulnerability.  This module takes advantage of\n          the -d flag to set php.ini directives to achieve code execution.\n\n          From the advisory: \"if there is NO unescaped '=' in the query string,\n          the string is split on '+' (encoded space) characters, urldecoded,\n          passed to a function that escapes shell metacharacters (the \"encoded in\n          a system-defined manner\" from the RFC) and then passes them to the CGI\n          binary.\" This module can also be used to exploit the plesk 0day disclosed\n          by kingcope and exploited in the wild on June 2013.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-safe\nReliability:\n  - repeatable-session\nSideEffects:\n  - ioc-in-logs\n","known_ransomware_campaign_use":false,"source_date_published":"2012-05-03","exploit_type":null,"platform":"PHP","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/php_cgi_arg_injection.rb"},{"date_added":"2022-03-25","description":"sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.","required_action":"Apply updates per vendor instructions.","due_date":"2022-04-15","notes":"https://nvd.nist.gov/vuln/detail/CVE-2012-1823","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null},{"date_added":"2012-05-05","description":"PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-05-05","exploit_type":"remote","platform":"php","source_date_updated":"2012-05-08","data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.8","risk_score":1.6,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwnh-ppcm-w3b8"}