| Max CVSS | 7.5 | Min CVSS | 5.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-1823 | 7.5 |
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by
|
16-07-2024 - 17:48 | 11-05-2012 - 10:15 | |
| CVE-2012-2311 | 7.5 |
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to exec
|
13-02-2023 - 00:24 | 11-05-2012 - 10:15 | |
| CVE-2012-1172 | 5.8 |
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, which makes it easier for remote attackers to cause a denial of service (malformed $_FILES indexes) or
|
18-01-2018 - 02:29 | 24-05-2012 - 00:55 |