CVE-2012-2335 — Vulnetix

CVE-2012-2335 PUBLISHED

Reported by redhat · Published May 11, 2012

php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a

Timeline

May 4, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 20, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 13, 2025 EPSS Score
Apr 19, 2025 EPSS Score
Apr 20, 2025 EPSS Score
Apr 27, 2025 EPSS Score

References

x_refsource_MISC
SUSE-SU-2012:0721 vendor-advisoryx_refsource_SUSE
SUSE-SU-2012:0840 vendor-advisoryx_refsource_SUSE
49014 third-party-advisoryx_refsource_SECUNIA
x_refsource_MISC
SSRT100992 vendor-advisoryx_refsource_HP
x_refsource_MISC
VU#520827 third-party-advisoryx_refsource_CERT-VN
x_refsource_MISC
php-phpwrapperfcgi-code-exec(75652) vdb-entryx_refsource_XF

Open in Interactive Console →