{"uuid": "9a736132-4493-492b-8c02-32e57e33b676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2012-1823", "type": "seen", "source": "https://t.me/arpsyndicate/1284", "content": "#ExploitObserverAlert\n\nCVE-2012-1823\n\nDESCRIPTION: Exploit Observer has 68 entries related to CVE-2012-1823. sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n\nFIRST-EPSS: 0.974910000\nNVD-IS: 6.4\nNVD-ES: 10.0", "creation_timestamp": "2023-12-04T19:18:47.000000Z"}