PHP CGI Query String Parameter Processing Remote Code Execution

 

This vulnerability in PHP 5.3.12 and 5.4x before 5.4.2 when configured as a CGI script (php-cgi), a query which lacks and = sign will not be properly handled. So a remote attack may be possible.

And the problem will be that one will not know it is on the web server, unless one check for odd ports being open on the server.

Since after the PHP “bad code” it will cause more code to be opened and downloaded on the now infected machine.

http://www.qualys.com/research/sans-at-risk/2014/week-2/

Advertisements