SonicALERT

Sonicwall Signatures

 



  PHP CGI Argument Injection

Category: PL-VULNS      

In PHP versions 8.1.x before 8.1.29, 8.2.x before 8.2.20, and 8.3.x before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in the command line given to Win32 API functions. The PHP CGI module may misinterpret those characters as PHP options, which may allow a malicious user to pass options to the PHP binary being run, and thus reveal the source code of scripts or run arbitrary PHP code on the server.

References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1250


Relevant Information