Vendor: PHP
By: Not mentioned
CVSS: 6.4 (MEDIUM)
Arbitrary Header Injection
CWE: 113
Product Name: PHP
Affected Version From: PHP 5.1.2
Affected Version To: Not mentioned
Patch Exists: YES
Related CVE: CVE-2012-1823
CPE: a:php:php
Metasploit:
https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-31631/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0686/
https://www.rapid7.com/db/vulnerabilities/apple-osx-note-cve-2012-1823/
https://www.rapid7.com/db/vulnerabilities/apple-osx-note-cve-2012-2311/
https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2012-1823/
https://www.rapid7.com/db/vulnerabilities/hpux-cve-2012-2311/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-1823/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-2336/
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2012-1823/
https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-alas-2012-77/
https://www.rapid7.com/db/vulnerabilities/hpsmh-cve-2012-2336/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0546/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0547/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0568/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0569/
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2012-2311/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-1823/
https://www.rapid7.com/db/vulnerabilities/apple-osx-php-cve-2012-2311/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2012-0570/
https://www.rapid7.com/db/vulnerabilities/freebsd-vid-59b68b1e-9c78-11e1-b5e0-000c299b62e1/
https://www.rapid7.com/db/?q=CVE-2012-1823&type=&page=2
Tags: cve2012,kev,vulhub,rce,php,cve
CVSS Metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
Nuclei Metadata: {'max-request': 1, 'vendor': 'php', 'product': 'php'}
Platforms Tested: Not mentioned
2012
Arbitrary Header Injection in PHP
Attackers can inject arbitrary headers through a URL in PHP, leading to potential cross-site request forgery, cross-site scripting, HTML injection, and other attacks.
Mitigation:
Update PHP to the latest version available. Validate and sanitize user-supplied input before using it in header functions.