IT security expert company: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2012-1823

Description

sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.

POC

Reference

No PoCs from references.

Github

- https://github.com/0xFatality/CVE-2012-1823

- https://github.com/0xl0k1/CVE-2012-1823

- https://github.com/1060275195/Covid-v2-Botnet

- https://github.com/20142995/nuclei-templates

- https://github.com/404tk/lazyscan

- https://github.com/ARPSyndicate/cvemon

- https://github.com/ARPSyndicate/kenzer-templates

- https://github.com/Andriamradokely/Warchall-Solutions

- https://github.com/BCyberSavvy/Python

- https://github.com/BTtea/BTteaLFI

- https://github.com/BTtea/CVE-2024-4577-RCE-PoC

- https://github.com/BitTheByte/Eagle

- https://github.com/CVEDB/PoC-List

- https://github.com/CVEDB/awesome-cve-repo

- https://github.com/Chiku014/vulnerability-scanner

- https://github.com/CyberSavvy/python-pySecurity

- https://github.com/Dmitri131313/CVE-2012-1823-exploit-for-https-user-password-web

- https://github.com/Fatalitysec/CVE-2012-1823

- https://github.com/Fatalityx84/CVE-2012-1823

- https://github.com/Fkmanny/web-app-nessus-vulnerability-assessment

- https://github.com/J-16/Pentester-Bootcamp

- https://github.com/JFR-C/Boot2root-CTFs-Writeups

- https://github.com/JasonHobs/CVE-2012-1823-exploit-for-https-user-password-web

- https://github.com/Jean-Francois-C/Boot2root-CTFs-Writeups

- https://github.com/Jimmy01240397/CVE-2012-1823-Analyze

- https://github.com/Mr-xn/Penetration_Testing_POC

- https://github.com/MrScytheLULZ/covid

- https://github.com/NCSU-DANCE-Research-Group/CDL

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/R0B1NL1N/webappurls

- https://github.com/RedisMadani/cyber-vault

- https://github.com/RootUp/AutoSploit

- https://github.com/SLTN91/Microservices-Applications-Attack-and-Detection

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Soundaryakambhampati/test-6

- https://github.com/Unix13/metasploitable2

- https://github.com/Vibragence/Dockersploit

- https://github.com/XiangDongCJC/CVE-2024-4577-PHP-CGI-RCE

- https://github.com/YusukeJustinNakajima/BugBounty-Resources-For-Japanese

- https://github.com/ajread4/cve_pull

- https://github.com/alex14324/Eagel

- https://github.com/beched/libpywebhack

- https://github.com/bl4cksku11/CVE-2024-4577

- https://github.com/cyberdeception/deepdig

- https://github.com/cyberharsh/PHP_CVE-2012-1823

- https://github.com/daai1/CVE-2012-1823

- https://github.com/drone789/CVE-2012-1823

- https://github.com/dxktw/cyber-vault

- https://github.com/fotisnanossec/Vuln-Report-AI

- https://github.com/g1san/Agents-for-Vulnerable-Dockers-and-related-Benchmarks

- https://github.com/infodox/exploits

- https://github.com/kalivim/pySecurity

- https://github.com/khansiddique/VulnHub-Boot2root-CTFs-Writeups

- https://github.com/komy1/nmap-nuclei--scanner

- https://github.com/krishpranav/autosploit

- https://github.com/kschltz/lanchonete

- https://github.com/marcocastro100/Intrusion_Detection_System-Python

- https://github.com/nemocyberworld/Captain-Nemo

- https://github.com/nemocyberworld/captain-nemo

- https://github.com/nicmmrob/Pentester-Bootcamp

- https://github.com/panduki/SIE

- https://github.com/paulveillard/cybersecurity-infosec

- https://github.com/psifertex/ctf-vs-the-real-world

- https://github.com/pwnwiki/webappurls

- https://github.com/slxwzk/slxwzkBotnet

- https://github.com/smartFlash/pySecurity

- https://github.com/suin-xoops/xoopscube-preloads

- https://github.com/tardummy01/oscp_scripts-1

- https://github.com/theGreenJedi/Hacker-Guides

- https://github.com/thekarunakarreddy/Enterprise-Security-Assessment

- https://github.com/theykillmeslowly/CVE-2012-1823

- https://github.com/tourvan/penetration-testing-report

- https://github.com/zhibx/fscan-Intranet

- https://github.com/zomasec/CVE-2024-4577