Unrated severityNVD Advisory· Published May 11, 2012· Updated Jun 16, 2026
CVE-2012-2335
CVE-2012-2335
Description
php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords2 versionspkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed
< 5.6.28-1.1+ 1 more
- (no CPE)range: < 5.6.28-1.1
- (no CPE)range: < 7.0.14-1.4
Patches
Vulnerability mechanics
References
9- bugs.php.net/bug.phpnvdVendor Advisory
- www.kb.cert.org/vuls/id/520827nvdUS Government Resource
- eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/nvd
- lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.htmlnvd
- secunia.com/advisories/49014nvd
- www.php.net/archive/2012.phpnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/75652nvd
- h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplaynvd
News mentions
0No linked articles in our index yet.