7.5 CVE-2012-2311
RCE Injection SQL Used by Malware
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
https://nvd.nist.gov/vuln/detail/CVE-2012-2311
Categories
CWE-89 : Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. a common attack-oriented phrase a common abbreviation for "SQL injection" This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results. Manual analysis can be useful for finding this weakness, but it might not achieve desired code coverage within limited time constraints. This becomes difficult for weaknesses that must be considered for all inputs, since the attack surface can be too large. For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server. When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs. Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth. When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues. SQL injection in security product dashboard using crafted certificate fields SQL injection in time and billing software, as exploited in the wild per CISA KEV. SQL injection in file-transfer system via a crafted Host header, as exploited in the wild per CISA KEV. SQL injection in firewall product's admin interface or user portal, as exploited in the wild per CISA KEV. An automation system written in Go contains an API that is vulnerable to SQL injection allowing the attacker to read privileged data. chain: SQL injection in library intended for database authentication allows SQL injection and authentication bypass. SQL injection through an ID that was supposed to be numeric. SQL injection through an ID that was supposed to be numeric. SQL injection via user name. SQL injection via user name or password fields. SQL injection in security product, using a crafted group name. SQL injection in authentication library. SQL injection in vulnerability management and reporting tool, using a crafted password.
References
secalert@redhat.com
CPE
cpe | start | end |
---|---|---|
Configuration 1 | ||
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* | <= 5.3.12 | |
cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.12:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.13:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.14:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.15:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.16:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.2.17:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.2:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.3:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.4:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.6:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.9:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.10:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.3.11:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.4.0:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.4.0:beta2:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.4.1:*:*:*:*:*:*:* | ||
cpe:2.3:a:php:php:5.4.2:*:*:*:*:*:*:* |
REMEDIATION
EXPLOITS
Exploit-db.com
id | description | date | |
---|---|---|---|
No known exploits |
POC Github
Url |
---|
No known exploits |
Other Nist (github, ...)
Url |
---|
No known exploits |
CAPEC
Common Attack Pattern Enumerations and Classifications
id | description | severity |
---|---|---|
109 | Object Relational Mapping Injection |
High |
110 | SQL Injection through SOAP Parameter Tampering |
Very High |
108 | Command Line Execution through SQL Injection |
Very High |
470 | Expanding Control over the Operating System from the Database |
Very High |
66 | SQL Injection |
High |
7 | Blind SQL Injection |
High |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.