PHP-CGI vulnerability

[SirDice]

A rather serious bug has been found in PHP. Specifically if you use PHP as CGI. The bug got accidentally disclosed before it was fixed and this information seems to spead quickly. It also looks like it's trivial to abuse. You might want to verify your setup.

A copy of the disclosed information can be found here: http://ompldr.org/vZGxxaQ

 

[SirDice]

Some more information: http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/

 

[da1]

A rather serious bug has been found in PHP.

A friend of mine once told me "PHP itself is a bug" ).