Exploit for #VU4201 OS command injection in PHP
Vulnerability identifier: #VU4201
Vulnerability risk: Critical
CVSSv3.1: 9.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-78
Exploitation vector: Network
Exploits in database: 5
- March 18, 2020
- Apache + PHP < 5.3.12 / < 5.4.2 - Remote Code Execution (Multithreaded Scanner) [Exploit-DB]
- Apache + PHP < 5.3.12 / < 5.4.2 - cgi-bin Remote Code Execution [Exploit-DB]
- PHP < 5.3.12 / < 5.4.2 - CGI Argument Injection [Exploit-DB]
- PHP 5.3.12/5.4.2 - CGI Argument Injection (Metasploit) [Exploit-DB]
- PHP CGI Argument Injection [Metasploit]
Impact: Code execution
Vulnerable software:
PHP
Universal components / Libraries /
Scripting languages
Vendor:
PHP Group
