PHP.CGI.Argument.Injection

description-logoDescription

This indicates an attack attempt against an Argument Injection vulnerability in PHP CGI.
The vulnerability is caused by an error when the vulnerable software handles a malicious request. It allows a remote attacker to execute arbitrary code via a crafted URI.

affected-products-logoAffected Products

PHP before 5.3.12
PHP 5.4.x before 5.4.2

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

The vendor issued a fix (5.3.12, 5.4.2) for CVE-2012-1823. It was incomplete fix, does not fully correct the vulnerability [CVE-2012-2311].
The vendor has issued a fix (5.3.13, 5.4.3) for CVE-2012-2311.
http://us2.php.net/downloads.php

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)