PHP-CGI Query String Parameter Vulnerability

Known Exploited Vulnerability

CVE-2012-1823, PHP-CGI Query String Parameter Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.