sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the d case.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Php | Php | * | 5.3.12 (excluding) |
| Php | Php | 5.4.0 (including) | 5.4.2 (excluding) |
| Red Hat Enterprise Linux 5 | RedHat | php-0:5.1.6-34.el5_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | php53-0:5.3.3-7.el5_8 | * |
| Red Hat Enterprise Linux 5.3 Long Life | RedHat | php-0:5.1.6-23.3.el5_3 | * |
| Red Hat Enterprise Linux 5.6 EUS - Server Only | RedHat | php-0:5.1.6-27.el5_6.4 | * |
| Red Hat Enterprise Linux 5.6 EUS - Server Only | RedHat | php53-0:5.3.3-1.el5_6.2 | * |
| Red Hat Enterprise Linux 6 | RedHat | php-0:5.3.3-3.el6_2.8 | * |
| Red Hat Enterprise Linux 6.0 EUS - Server Only | RedHat | php-0:5.3.2-6.el6_0.2 | * |
| Red Hat Enterprise Linux 6.1 EUS - Server Only | RedHat | php-0:5.3.3-3.el6_1.4 | * |
| Php5 | Ubuntu | devel | * |
| Php5 | Ubuntu | hardy | * |
| Php5 | Ubuntu | lucid | * |
| Php5 | Ubuntu | natty | * |
| Php5 | Ubuntu | oneiric | * |
| Php5 | Ubuntu | precise | * |