{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49119?format=json","vulnerability_id":"VCID-vjm8-c1u4-wfab","summary":"Multiple vulnerabilities were found in PHP, the worst of which lead\n    to remote execution of arbitrary code.","aliases":[{"alias":"CVE-2012-2336"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/77748?format=json","purl":"pkg:ebuild/dev-lang/php@5.3.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.3.15"},{"url":"http://public2.vulnerablecode.io/api/packages/77749?format=json","purl":"pkg:ebuild/dev-lang/php@5.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.4.5"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/126017?format=json","purl":"pkg:rpm/redhat/php@5.1.6-39?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pjr-p6ge-nfa9"},{"vulnerability":"VCID-3zy4-mx5a-yqbs"},{"vulnerability":"VCID-krz2-adgm-kqe1"},{"vulnerability":"VCID-vjm8-c1u4-wfab"},{"vulnerability":"VCID-zquc-69kh-yqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.1.6-39%3Farch=el5_8"},{"url":"http://public2.vulnerablecode.io/api/packages/125991?format=json","purl":"pkg:rpm/redhat/php@5.3.3-14?arch=el6_3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pjr-p6ge-nfa9"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-3zy4-mx5a-yqbs"},{"vulnerability":"VCID-dd63-8v57-afad"},{"vulnerability":"VCID-hzpu-97n9-jqaa"},{"vulnerability":"VCID-krz2-adgm-kqe1"},{"vulnerability":"VCID-usmw-6d5u-tba8"},{"vulnerability":"VCID-vjm8-c1u4-wfab"},{"vulnerability":"VCID-zquc-69kh-yqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.3.3-14%3Farch=el6_3"},{"url":"http://public2.vulnerablecode.io/api/packages/125992?format=json","purl":"pkg:rpm/redhat/php53@5.3.3-13?arch=el5_8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2pjr-p6ge-nfa9"},{"vulnerability":"VCID-35a3-5eq3-8bep"},{"vulnerability":"VCID-3zy4-mx5a-yqbs"},{"vulnerability":"VCID-hzpu-97n9-jqaa"},{"vulnerability":"VCID-krz2-adgm-kqe1"},{"vulnerability":"VCID-usmw-6d5u-tba8"},{"vulnerability":"VCID-vjm8-c1u4-wfab"},{"vulnerability":"VCID-zquc-69kh-yqdg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php53@5.3.3-13%3Farch=el5_8"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2336.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-2336.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2336","reference_id":"","reference_type":"","scores":[{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97719","published_at":"2026-05-12T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97678","published_at":"2026-04-02T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97679","published_at":"2026-04-07T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97684","published_at":"2026-04-08T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97687","published_at":"2026-04-09T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97689","published_at":"2026-04-11T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97691","published_at":"2026-04-12T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97693","published_at":"2026-04-13T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97699","published_at":"2026-04-16T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97701","published_at":"2026-04-24T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97702","published_at":"2026-04-26T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97708","published_at":"2026-04-29T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97711","published_at":"2026-05-05T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97713","published_at":"2026-05-07T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97714","published_at":"2026-05-09T12:55:00Z"},{"value":"0.47326","scoring_system":"epss","scoring_elements":"0.97715","published_at":"2026-05-11T12:55:00Z"},{"value":"0.5291","scoring_system":"epss","scoring_elements":"0.97931","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2336"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=820708","reference_id":"820708","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=820708"},{"reference_url":"https://security.gentoo.org/glsa/201209-03","reference_id":"GLSA-201209-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201209-03"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1045","reference_id":"RHSA-2012:1045","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1045"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1046","reference_id":"RHSA-2012:1046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1047","reference_id":"RHSA-2012:1047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1047"},{"reference_url":"https://usn.ubuntu.com/1481-1/","reference_id":"USN-1481-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1481-1/"}],"weaknesses":[{"cwe_id":228,"name":"Improper Handling of Syntactically Invalid Structure","description":"The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification."},{"cwe_id":400,"name":"Uncontrolled Resource Consumption","description":"The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources."}],"exploits":[{"date_added":"2012-05-05","description":"PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection","required_action":null,"due_date":null,"notes":null,"known_ransomware_campaign_use":true,"source_date_published":"2012-05-05","exploit_type":"remote","platform":"php","source_date_updated":"2012-05-08","data_source":"Exploit-DB","source_url":""}],"severity_range_score":null,"exploitability":"2.0","weighted_severity":"0.5","risk_score":1.0,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjm8-c1u4-wfab"}