Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.
| Max Base Score | 7.5 |
| Published | 2012-07-07 |
| Updated | 2023-02-13 |
| EPSS | 8.51% |
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM object VARIANT types, as exploited in the wild in May 2012.
| Max Base Score | 10.0 |
| Published | 2012-05-21 |
| Updated | 2017-08-29 |
| EPSS | 26.42% |
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
| Max Base Score | 7.5 |
| Published | 2012-05-11 |
| Updated | 2023-02-13 |
| EPSS | 14.25% |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
| Max Base Score | 7.5 |
| Published | 2012-05-11 |
| Updated | 2023-02-13 |
| EPSS | 95.14% |
CVE-2012-1823
Public exploit exists
Known Exploited Vulnerability
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
| Max Base Score | 7.5 |
| Published | 2012-05-11 |
| Updated | 2018-01-18 |
| EPSS | 97.49% |
| KEV Added | 2022-03-25 |
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.
| Max Base Score | 7.5 |
| Published | 2012-02-06 |
| Updated | 2023-02-13 |
| EPSS | 90.68% |
6 vulnerabilities found