Finding #9 — CVE-2012-1823
| Inventory item | php-test 8.3.31 (software, php) |
|---|---|
| Title | PHP Group PHP: PHP-CGI OS Command Injection Vulnerability |
| Match | keyword / confidence low |
| Status | new |
| First seen | 2026-06-11T07:35:11Z |
| Last updated | 2026-06-11T07:35:11Z |
| CVE | CVE-2012-1823 KEV since 2022-03-25 |
| CVSS | not enriched yet (pending) |
| Description | sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. |
| Source advisory | PHP Group PHP: PHP-CGI OS Command Injection Vulnerability PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823. |