CVE-2012-2311

Exp

sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.

Published: 2012-05-11 Last update: 2026-04-29 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2012-2311 is rated High Exploit Risk (74.6/100): CVSS High severity, with high exploitation likelihood (EPSS 74.53%, 99th percentile). 4 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2012-2311

EDB-ID Source Kind Published Link
29316 exploit_db edb 2013-10-31 Exploit-DB ↗
29290 exploit_db edb 2013-10-29 Exploit-DB ↗
18836 exploit_db edb 2012-05-05 Exploit-DB ↗
18834 exploit_db edb 2012-05-04 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2012-2311

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-04-02 83.25% 74.53% -8.71%
2 2026-03-06 83.46% 83.25% -0.21%
3 2026-03-04 83.46%

Full EPSS history (46 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2012-2311

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
 10.0 6.4 [email protected]

Weakness enumeration for CVE-2012-2311

OS Trackers for CVE-2012-2311

vendor priority summary link
gentoo high CVE-2012-2311: 1 GLSA(s) (201209-03), 1 atom(s) (dev-lang/php); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-2311
redhat critical https://access.redhat.com/security/cve/CVE-2012-2311
suse medium CVE-2012-2311 severity moderate: SUSE including 386 source package names (apache2-mod_php5-5.2.14-0.7.30.38.1, apache2-mod_php5-5.6.28-1.1, …), 431 product×package rows across 16 product lines (SUSE Linux Enterprise Server 11 SP1-TERADATA, SUSE Linux Enterprise Server 11 SP2, … (16 product lines)): Fixed 431. https://www.suse.com/security/cve/CVE-2012-2311/
ubuntu medium CVE-2012-2311 medium priority: Ubuntu including 1 source packages (php5), 6 status rows across 6 suites (hardy, lucid, natty, oneiric, precise, upstream): released 5, needs-triage 1. https://ubuntu.com/security/CVE-2012-2311

Affected software / configurations for CVE-2012-2311

Vendor Product Version Raw CPE
php php <= 5.3.12 cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
php php 1.0 cpe:2.3:a:php:php:1.0:*:*:*:*:*:*:*
php php 2.0 cpe:2.3:a:php:php:2.0:*:*:*:*:*:*:*
php php 2.0b10 cpe:2.3:a:php:php:2.0b10:*:*:*:*:*:*:*
php php 3.0 cpe:2.3:a:php:php:3.0:*:*:*:*:*:*:*
php php 3.0.1 cpe:2.3:a:php:php:3.0.1:*:*:*:*:*:*:*
php php 3.0.2 cpe:2.3:a:php:php:3.0.2:*:*:*:*:*:*:*
php php 3.0.3 cpe:2.3:a:php:php:3.0.3:*:*:*:*:*:*:*
php php 3.0.4 cpe:2.3:a:php:php:3.0.4:*:*:*:*:*:*:*
php php 3.0.5 cpe:2.3:a:php:php:3.0.5:*:*:*:*:*:*:*
php php 3.0.6 cpe:2.3:a:php:php:3.0.6:*:*:*:*:*:*:*
php php 3.0.7 cpe:2.3:a:php:php:3.0.7:*:*:*:*:*:*:*
php php 3.0.8 cpe:2.3:a:php:php:3.0.8:*:*:*:*:*:*:*
php php 3.0.9 cpe:2.3:a:php:php:3.0.9:*:*:*:*:*:*:*
php php 3.0.10 cpe:2.3:a:php:php:3.0.10:*:*:*:*:*:*:*
php php 3.0.11 cpe:2.3:a:php:php:3.0.11:*:*:*:*:*:*:*
php php 3.0.12 cpe:2.3:a:php:php:3.0.12:*:*:*:*:*:*:*
php php 3.0.13 cpe:2.3:a:php:php:3.0.13:*:*:*:*:*:*:*
php php 3.0.14 cpe:2.3:a:php:php:3.0.14:*:*:*:*:*:*:*
php php 3.0.15 cpe:2.3:a:php:php:3.0.15:*:*:*:*:*:*:*
php php 3.0.16 cpe:2.3:a:php:php:3.0.16:*:*:*:*:*:*:*
php php 3.0.17 cpe:2.3:a:php:php:3.0.17:*:*:*:*:*:*:*
php php 3.0.18 cpe:2.3:a:php:php:3.0.18:*:*:*:*:*:*:*
php php 4.0 cpe:2.3:a:php:php:4.0:beta_4_patch1:*:*:*:*:*:*
php php 4.0 cpe:2.3:a:php:php:4.0:beta1:*:*:*:*:*:*
php php 4.0 cpe:2.3:a:php:php:4.0:beta2:*:*:*:*:*:*
php php 4.0 cpe:2.3:a:php:php:4.0:beta3:*:*:*:*:*:*
php php 4.0 cpe:2.3:a:php:php:4.0:beta4:*:*:*:*:*:*
php php 4.0.0 cpe:2.3:a:php:php:4.0.0:*:*:*:*:*:*:*
php php 4.0.1 cpe:2.3:a:php:php:4.0.1:*:*:*:*:*:*:*
php php 4.0.2 cpe:2.3:a:php:php:4.0.2:*:*:*:*:*:*:*
php php 4.0.3 cpe:2.3:a:php:php:4.0.3:*:*:*:*:*:*:*
php php 4.0.4 cpe:2.3:a:php:php:4.0.4:*:*:*:*:*:*:*
php php 4.0.5 cpe:2.3:a:php:php:4.0.5:*:*:*:*:*:*:*
php php 4.0.6 cpe:2.3:a:php:php:4.0.6:*:*:*:*:*:*:*
php php 4.0.7 cpe:2.3:a:php:php:4.0.7:*:*:*:*:*:*:*
php php 4.1.0 cpe:2.3:a:php:php:4.1.0:*:*:*:*:*:*:*
php php 4.1.1 cpe:2.3:a:php:php:4.1.1:*:*:*:*:*:*:*
php php 4.1.2 cpe:2.3:a:php:php:4.1.2:*:*:*:*:*:*:*
php php 4.2.0 cpe:2.3:a:php:php:4.2.0:*:*:*:*:*:*:*
php php 4.2.1 cpe:2.3:a:php:php:4.2.1:*:*:*:*:*:*:*
php php 4.2.2 cpe:2.3:a:php:php:4.2.2:*:*:*:*:*:*:*
php php 4.2.3 cpe:2.3:a:php:php:4.2.3:*:*:*:*:*:*:*
php php 4.3.0 cpe:2.3:a:php:php:4.3.0:*:*:*:*:*:*:*
php php 4.3.1 cpe:2.3:a:php:php:4.3.1:*:*:*:*:*:*:*
php php 4.3.2 cpe:2.3:a:php:php:4.3.2:*:*:*:*:*:*:*
php php 4.3.3 cpe:2.3:a:php:php:4.3.3:*:*:*:*:*:*:*
php php 4.3.4 cpe:2.3:a:php:php:4.3.4:*:*:*:*:*:*:*
php php 4.3.5 cpe:2.3:a:php:php:4.3.5:*:*:*:*:*:*:*
php php 4.3.6 cpe:2.3:a:php:php:4.3.6:*:*:*:*:*:*:*
php php 4.3.7 cpe:2.3:a:php:php:4.3.7:*:*:*:*:*:*:*
php php 4.3.8 cpe:2.3:a:php:php:4.3.8:*:*:*:*:*:*:*
php php 4.3.9 cpe:2.3:a:php:php:4.3.9:*:*:*:*:*:*:*
php php 4.3.10 cpe:2.3:a:php:php:4.3.10:*:*:*:*:*:*:*
php php 4.3.11 cpe:2.3:a:php:php:4.3.11:*:*:*:*:*:*:*
php php 4.4.0 cpe:2.3:a:php:php:4.4.0:*:*:*:*:*:*:*
php php 4.4.1 cpe:2.3:a:php:php:4.4.1:*:*:*:*:*:*:*
php php 4.4.2 cpe:2.3:a:php:php:4.4.2:*:*:*:*:*:*:*
php php 4.4.3 cpe:2.3:a:php:php:4.4.3:*:*:*:*:*:*:*
php php 4.4.4 cpe:2.3:a:php:php:4.4.4:*:*:*:*:*:*:*
php php 4.4.5 cpe:2.3:a:php:php:4.4.5:*:*:*:*:*:*:*
php php 4.4.6 cpe:2.3:a:php:php:4.4.6:*:*:*:*:*:*:*
php php 4.4.7 cpe:2.3:a:php:php:4.4.7:*:*:*:*:*:*:*
php php 4.4.8 cpe:2.3:a:php:php:4.4.8:*:*:*:*:*:*:*
php php 4.4.9 cpe:2.3:a:php:php:4.4.9:*:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:*:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:beta4:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*
php php 5.0.0 cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*
php php 5.0.1 cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*
php php 5.0.2 cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*
php php 5.0.3 cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*
php php 5.0.4 cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*
php php 5.0.5 cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*
php php 5.1.0 cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*
php php 5.1.1 cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*

References for CVE-2012-2311

URL Tags
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-05/msg00011.html
http://marc.info/?l=bugtraq&m=134012830914727&w=2
http://secunia.com/advisories/49014
http://secunia.com/advisories/49085
http://support.apple.com/kb/HT5501
http://www.debian.org/security/2012/dsa-2465
http://www.kb.cert.org/vuls/id/520827 US Government Resource
http://www.php.net/ChangeLog-5.php#5.4.3
http://www.php.net/archive/2012.php#id2012-05-08-1
http://www.securitytracker.com/id?1027022
https://bugs.php.net/bug.php?id=61910 Vendor Advisory
https://bugs.php.net/patch-display.php?bug_id=61910&patch=cgi.diff-fix-check.patch&revision=1336093719&display=1
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862
cvelogic Threat Intelligence