Cyber Resilience

CVE-2012-1823

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC · RCE

Published: 11 May 2012

Modified: 21 April 2026
KEV Added: 25 March 2022
Patch
CVSS Score (v3.1): 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.9436 (100.0th percentile)
Risk Priority: 96 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2012-1823 is a critical-severity Command Injection (CWE-77) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability affects sapi/cgi/cgi_main.c in PHP versions before 5.3.12 and 5.4.x before 5.4.2 when the interpreter is configured to run as a CGI script (php-cgi). It stems from improper handling of query strings that lack an equals sign character and a failure to skip php_getopt processing in the 'd' case, which is tracked under CWE-77 and carries a CVSS 3.1 score of 9.8.

Remote attackers can exploit the flaw over the network without authentication by supplying command-line options directly in the query string, enabling them to execute arbitrary code on the affected server.

Vendor advisories referenced for this issue, including those from Apple, HP, and OpenSUSE, address mitigation through updates that resolve the CGI query-string handling defect.
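
An added example, not taken from PHP or from any vendor advisory: a log check for the condition described above, a query string with no unencoded = whose words decode to something that looks like a command-line option. The access-log format, the sample lines and the placeholder option letters are constructed assumptions; splitting on + follows the CGI rule (RFC 3875) for query strings that lack an unencoded =.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_option_style_query(query: str) -> bool:
    """True if a CGI server would hand this query to the program as
    command-line words (no unencoded '=') and any word looks like an option."""
    if not query or "=" in query:
        return False
    # Such queries are split on '+' first, then each word is URL-decoded,
    # so an encoded '-' (%2d) or an encoded '=' (%3d) must not hide a match.
    # strip() is deliberately conservative about leading whitespace.
    return any(unquote(word).strip().startswith("-") for word in query.split("+"))


def scan(lines):
    """Return (line_number, path, raw_query) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group("target").partition("?")
        if is_option_style_query(query):
            hits.append((number, path, query))
    return hits


# Constructed sample lines (documentation addresses, placeholder option letters).
SAMPLE_LOG = [
    '192.0.2.10 - - [11/May/2012:10:00:01 +0000] "GET /index.php?id=7&page=2 HTTP/1.1" 200 512',
    '192.0.2.44 - - [11/May/2012:10:00:05 +0000] "GET /index.php?-x HTTP/1.1" 200 9041',
    '192.0.2.44 - - [11/May/2012:10:00:09 +0000] "POST /index.php?%2dx+%2dy%3d1 HTTP/1.1" 200 77',
    '192.0.2.10 - - [11/May/2012:10:00:12 +0000] "GET /search.php?security+news HTTP/1.1" 200 300',
    '192.0.2.10 - - [11/May/2012:10:00:15 +0000] "GET /index.php?q=-x HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, path, query in scan(SAMPLE_LOG):
        print(f"line {number}: {path} query={query!r}")
```

The check flags every path, since which URLs reach php-cgi depends on the server configuration; restrict it to the PHP-handled paths of the host being reviewed to reduce noise.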

EU & UK References

Vulnerability details

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

CWE(s)
KEV Date Added: 25 March 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

php / php: ≤ 5.3.12 · 5.4.0 — 5.4.2
fedoraproject / fedora: 39, 40
debian / debian linux: 6.0
hp / hp-ux: b.11.23, b.11.31
opensuse / opensuse: 11.4, 12.1
suse / linux enterprise server: 10, 11
suse / linux enterprise software development kit: 10, 11
apple / mac os x: 10.6.8 — 10.7.5 · 10.8.0 — 10.8.2
redhat / application stack: 2.0
redhat / gluster storage server for on-premise: 2.0
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of CGI query-string inputs to block command-line option injection via malformed strings lacking '='.

prevent

Mandates prompt application of vendor patches that correct the php_getopt handling defect in sapi/cgi/cgi_main.c.

prevent

Restricts use of php-cgi binary and disables unnecessary CGI interfaces that enable the query-string code-execution path.

References