- Description
- sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
- Source
- cret@cert.org
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- PHP-CGI Query String Parameter Vulnerability
- Exploit added on
- Mar 25, 2022
- Exploit action due
- Apr 15, 2022
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7565237-10C7-44C5-BFA0-24C84E7B10C3",
"versionEndExcluding": "5.3.12"
},
{
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E2DD924-DBE9-438D-B5D9-60840046CA08",
"versionEndExcluding": "5.4.2",
"versionStartIncluding": "5.4.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12C73959-3E02-4847-8962-651D652800EE"
},
{
"criteria": "cpe:2.3:o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B64BBA96-FB3C-46AC-9A29-50EE02714FE9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:-:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1D7B467-58DD-45F1-9F1F-632620DF072A"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*",
"vulnerable": true,
"matchCriteriaId": "88D6E858-FD8F-4C55-B7D5-CEEDA2BBA898"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*",
"vulnerable": true,
"matchCriteriaId": "DB4D6749-81A1-41D7-BF4F-1C45A7F49A22"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "436EF2ED-FDBB-4B64-8EC4-33C3E4253F06"
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5AA37837-3083-4DC7-94F4-54FD5D7CB53C"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF149F33-4D3B-4252-8D96-AB912B2DEB43",
"versionEndExcluding": "10.7.5",
"versionStartIncluding": "10.6.8"
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "283B3DF2-DAFA-4333-B3CF-181ACD635137",
"versionEndExcluding": "10.8.2",
"versionStartIncluding": "10.8.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:application_stack:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "847A353B-833B-4A2A-8B87-2C6BA88A8CC8"
},
{
"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89"
},
{
"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507"
},
{
"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "903512FC-0017-4564-9B89-7E64FFB14B11"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BEEC943-452C-4A19-B492-5EC8ADE427CD"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1F87B994-28E4-4095-8770-6433DE9C93AB"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:5.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB6ADFB8-210D-4E46-82A2-1C8705928382"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
}
],
"operator": "OR"
}
]
}
]