sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple Mac Os X
OSApple10.8.0 – 10.8.2 (bez)10.6.8 – 10.7.5 (bez)Debian
OSDebian6.0Fedora Project Fedora
OSFedoraproject3940HP Ux
OSHpb.11.23b.11.31Opensuse
OSOpensuse11.412.1PHP
APPPhp< 5.3.125.4.0 – 5.4.2 (bez)Red Hat Application Stack
APPRedhat2.0Red Hat Enterprise Linux Desktop
OSRedhat6.0Red Hat Enterprise Linux Eus
OSRedhat5.66.16.2Red Hat Enterprise Linux Server
OSRedhat5.06.0Red Hat Enterprise Linux Server Aus
OSRedhat5.35.6Red Hat Enterprise Linux Workstation
OSRedhat5.06.0Red Hat Gluster Storage Server For On Premise
APPRedhat2.0Red Hat Storage
APPRedhat2.0Red Hat Storage For Public Cloud
APPRedhat2.0SUSE Linux Enterprise Server
OSSuse1011SUSE Linux Enterprise Software Development Kit
OSSuse1011
CISA KEV — detailsi
- Vendori
- PHP
- Producti
- PHP
- Added to KEVi
- March 25, 2022
- Remediation deadline (US Federal)i
- April 15, 2022(overdue)
Apply updates per vendor instructions.
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki