Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP ‘php-wrapper.fcgi’ 权限许可和访问控制问题漏洞
Vulnerability Description
PHP(PHP:Hypertext Preprocessor,PHP:超文本预处理器)是PHP Group和开放源代码社区共同维护的一种开源的通用计算机脚本语言。该语言主要用于Web开发,支持多种数据库及操作系统。 PHP 5.3.12版本与5.4.2版本中存在漏洞,该漏洞源于php-wrapper.fcgi未正确处理命令行参数。远程攻击者可利用该漏洞通过PHP sapi/cgi/cgi_main.c组件与以+-序列开始的查询字符串之间的不正确交互,绕过保护机制进而执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A