{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49116?format=json","vulnerability_id":"VCID-myft-jnpz-r7gb","summary":"Multiple vulnerabilities were found in PHP, the worst of which lead\n    to remote execution of arbitrary code.","aliases":[{"alias":"CVE-2012-1823"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77748?format=json","purl":"pkg:ebuild/dev-lang/php@5.3.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/77749?format=json","purl":"pkg:ebuild/dev-lang/php@5.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.4.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126013?format=json","purl":"pkg:rpm/redhat/php@5.1.6-23.3?arch=el5_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-23.3%3Farch=el5_3"},{"url":"http://public2.vulnerablecode.io/api/packages/126014?format=json","purl":"pkg:rpm/redhat/php@5.1.6-27.el5_6?arch=4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-27.el5_6%3Farch=4"},{"url":"http://public2.vulnerablecode.io/api/packages/126015?format=json","purl":"pkg:rpm/redhat/php@5.1.6-34?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-34%3Farch=el5_8"},{"url":"http://public2.vulnerablecode.io/api/packages/126011?format=json","purl":"pkg:rpm/redhat/php@5.3.2-6.el6_0?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.2-6.el6_0%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/126016?format=json","purl":"pkg:rpm/redhat/php@5.3.3-3.el6_1?arch=4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-3.el6_1%3Farch=4"},{"url":"http://public2.vulnerablecode.io/api/packages/126010?format=json","purl":"pkg:rpm/redhat/php@5.3.3-3.el6_2?arch=8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-3.el6_2%3Farch=8"},{"url":"http://public2.vulnerablecode.io/api/packages/126009?format=json","purl":"pkg:rpm/redhat/php53@5.3.3-1.el5_6?arch=2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-1.el5_6%3Farch=2"},{"url":"http://public2.vulnerablecode.io/api/packages/126012?format=json","purl":"pkg:rpm/redhat/php53@5.3.3-7?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-myft-jnpz-r7gb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-7%3Farch=el5_8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1823.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1823.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1823","reference_id":"","reference_type":"","scores":[{"value":"0.94363","scoring_system":"epss","scoring_elements":"0.99966","published_at":"2026-05-09T12:55:00Z"},{"value":"0.94363","scoring_system":"epss","scoring_elements":"0.99965","published_at":"2026-05-14T12:55:00Z"},{"value":"0.94386","scoring_system":"epss","scoring_elements":"0.99971","published_at":"2026-04-18T12:55:00Z"},{"value":"0.94386","scoring_system":"epss","scoring_elements":"0.99972","published_at":"2026-04-08T12:55:00Z"},{"value":"0.94386","scoring_system":"epss","scoring_elements":"0.9997","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1823"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/07/1","reference_id":"1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/07/1"},{"reference_url":"http://www.php.net/archive/2012.php#id2012-05-03-1","reference_id":"2012.php#id2012-05-03-1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.php.net/archive/2012.php#id2012-05-03-1"},{"reference_url":"http://secunia.com/advisories/49014","reference_id":"49014","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://secunia.com/advisories/49014"},{"reference_url":"http://secunia.com/advisories/49065","reference_id":"49065","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://secunia.com/advisories/49065"},{"reference_url":"http://secunia.com/advisories/49085","reference_id":"49085","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://secunia.com/advisories/49085"},{"reference_url":"http://secunia.com/advisories/49087","reference_id":"49087","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://secunia.com/advisories/49087"},{"reference_url":"http://www.kb.cert.org/vuls/id/520827","reference_id":"520827","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.kb.cert.org/vuls/id/520827"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=818607","reference_id":"818607","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=818607"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:068","reference_id":"advisories?name=MDVSA-2012:068","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2012:068"},{"reference_url":"https://bugs.php.net/bug.php?id=61910","reference_id":"bug.php?id=61910","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"https://bugs.php.net/bug.php?id=61910"},{"reference_url":"http://www.php.net/ChangeLog-5.php#5.4.2","reference_id":"ChangeLog-5.php#5.4.2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.php.net/ChangeLog-5.php#5.4.2"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18836.py","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18836.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29290.c","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29290.c"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29316.py","reference_id":"CVE-2012-2336;CVE-2012-2311;CVE-2012-1823;OSVDB-81633","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/29316.py"},{"reference_url":"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/","reference_id":"CVE-2012-2336;OSVDB-81633;CVE-2012-2311;CVE-2012-1823","reference_type":"exploit","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18834.rb","reference_id":"CVE-2012-2336;OSVDB-81633;CVE-2012-2311;CVE-2012-1823","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/remote/18834.rb"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041","reference_id":"Document.jsp?objectID=c03360041","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"},{"reference_url":"http://www.debian.org/security/2012/dsa-2465","reference_id":"dsa-2465","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.debian.org/security/2012/dsa-2465"},{"reference_url":"https://security.gentoo.org/glsa/201209-03","reference_id":"GLSA-201209-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-03"},{"reference_url":"http://www.securitytracker.com/id?1027022","reference_id":"id?1027022","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://www.securitytracker.com/id?1027022"},{"reference_url":"http://marc.info/?l=bugtraq&m=134012830914727&w=2","reference_id":"?l=bugtraq&m=134012830914727&w=2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://marc.info/?l=bugtraq&m=134012830914727&w=2"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html","reference_id":"msg00002.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html","reference_id":"msg00011.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html"},{"reference_url":"https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1","reference_id":"patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff&revision=1335984315&display=1"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/","reference_id":"PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0546","reference_id":"RHSA-2012:0546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0546"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0546.html","reference_id":"RHSA-2012-0546.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0546.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0547","reference_id":"RHSA-2012:0547","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0547"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0547.html","reference_id":"RHSA-2012-0547.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0547.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0568","reference_id":"RHSA-2012:0568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0568"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0568.html","reference_id":"RHSA-2012-0568.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0568.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:0569","reference_id":"RHSA-2012:0569","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:0569"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0569.html","reference_id":"RHSA-2012-0569.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0569.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2012-0570.html","reference_id":"RHSA-2012-0570.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"http://rhn.redhat.com/errata/RHSA-2012-0570.html"},{"reference_url":"https://usn.ubuntu.com/1437-1/","reference_id":"USN-1437-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1437-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/","reference_id":"W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-07T13:10:55Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W45DBOH56NQDRTOM2DN2LNA2FZIMC3PK/"}],"weaknesses":[],"exploits":[{"date_added":"2012-05-05","description":"PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-05-05","exploit_type":"remote","platform":"php","source_date_updated":"2012-05-08","data_source":"Exploit-DB","source_url":""},{"date_added":null,"description":"When run as a CGI, PHP up to version 5.3.12 and 5.4.2 is vulnerable to\n          an argument injection vulnerability.  This module takes advantage of\n          the -d flag to set php.ini directives to achieve code execution.\n\n          From the advisory: \"if there is NO unescaped '=' in the query string,\n          the string is split on '+' (encoded space) characters, urldecoded,\n          passed to a function that escapes shell metacharacters (the \"encoded in\n          a system-defined manner\" from the RFC) and then passes them to the CGI\n          binary.\" This module can also be used to exploit the plesk 0day disclosed\n          by kingcope and exploited in the wild on June 2013.","required_action":null,"due_date":null,"notes":"Stability:\n  - crash-safe\nReliability:\n  - repeatable-session\nSideEffects:\n  - ioc-in-logs\n","known_ransomware_campaign_use":false,"source_date_published":"2012-05-03","exploit_type":null,"platform":"PHP","source_date_updated":null,"data_source":"Metasploit","source_url":"https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/http/php_cgi_arg_injection.rb"},{"date_added":"2022-03-25","description":"sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.","required_action":"Apply updates per vendor instructions.","due_date":"2022-04-15","notes":"https://nvd.nist.gov/vuln/detail/CVE-2012-1823","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null}],"severity_range_score":"9.8 - 9.8","exploitability":"2.0","weighted_severity":"8.8","risk_score":10.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myft-jnpz-r7gb"}