sapi/cgi/cgi_main.c in PHP prior to 5.3.12 and 5.4.x prior to 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote malicious users to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
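
As an added example (not part of the advisory or of PHP's own code), the check below scans web server access logs for the request shape described above: a query string with no unencoded `=` in which at least one token decodes to something beginning with `-`. The combined log format, the function names, and the sample lines with the placeholder option `-x` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def query_looks_like_cli_options(query: str) -> bool:
    """True when a query string could be read as command-line options.

    Condition from the advisory: the query string lacks an unencoded '='.
    This heuristic additionally requires a token that starts with '-'
    once percent-decoded, since only those would parse as options.
    """
    if not query or "=" in query:
        return False
    # Without '=', the CGI convention splits the query on '+' into arguments.
    tokens = [unquote(t).lstrip() for t in query.split("+")]
    return any(t.startswith("-") for t in tokens)


def suspicious_requests(log_lines):
    """Return (client_ip, path, raw_query) for every flagged log line."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        path, _, query = m.group("target").partition("?")
        if query_looks_like_cli_options(query):
            hits.append((line.split()[0], path, query))
    return hits


# Constructed sample lines: documentation IP ranges, placeholder option "-x".
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2013:10:00:01 +0000] "GET /index.php?-x HTTP/1.1" 200 9000',
    '198.51.100.7 - - [01/Jan/2013:10:00:02 +0000] "GET /index.php?%2Dx+value HTTP/1.1" 200 40',
    '192.0.2.11 - - [01/Jan/2013:10:00:03 +0000] "GET /search.php?php+cgi HTTP/1.1" 200 700',
    '192.0.2.12 - - [01/Jan/2013:10:00:04 +0000] "GET /a.php?q=-x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, path, query in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} {path} ?{query}")
```

Only the second and third sample lines are flagged; the percent-encoded dash in the third shows why the token must be decoded before the leading character is tested.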

| Vulnerable Product |
|---|
| php php |
| php php 5.3.10 |
| php php 5.3.3 |
| php php 5.3.2 |
| php php 5.3.1 |
| php php 5.2.12 |
| php php 5.2.13 |
| php php 5.2.4 |
| php php 5.2.7 |
| php php 5.1.6 |
| php php 5.1.4 |
| php php 5.0.0 |
| php php 5.3.5 |
| php php 5.3.4 |
| php php 5.3.9 |
| php php 5.3.8 |
| php php 5.3.0 |
| php php 5.2.5 |
| php php 5.2.0 |
| php php 5.2.3 |
| php php 5.2.15 |
| php php 5.2.16 |
| php php 5.1.5 |
| php php 5.2.6 |
| php php 5.2.9 |
| php php 5.2.17 |
| php php 5.2.10 |
| php php 5.1.2 |
| php php 5.1.1 |
| php php 5.1.0 |
| php php 5.0.4 |
| php php 5.0.3 |
| php php 5.3.7 |
| php php 5.3.6 |
| php php 5.2.11 |
| php php 5.2.8 |
| php php 5.2.1 |
| php php 5.2.2 |
| php php 5.2.14 |
| php php 5.1.3 |
| php php 5.0.5 |
| php php 5.0.2 |
| php php 5.0.1 |
| php php 5.4.1 |
| php php 5.4.0 |

In early June, Kaspersky Lab announced a discovery that opened a whole new chapter in the field of cyber-espionage. Named NetTraveler, this is a family of malicious programs used by APT actors to successfully compromise more than 350 high-profile victims in 40 countries. The NetTraveler group infected victims across both the public and private sector including government institutions, embassies, the oil and gas industry, research centers, military contractors and activists. The threat, which has b...