PHP CGI Query String Parameter Processing Remote Code Execution
This vulnerability in PHP 5.3.12 and 5.4x before 5.4.2 when configured as a CGI script (php-cgi), a query which lacks and = sign will not be properly handled. So a remote attack may be possible. And the problem will be that one will not know it is on the web server, unless one check … Read more