mirror of
https://github.com/gobysec/GobyVuls.git
synced 2025-05-05 18:27:13 +00:00
1.7 KiB
1.7 KiB
XAMPP PHP-CGI Windows Code Execution Vulnerability
| Vulnerability | XAMPP PHP-CGI Windows Code Execution Vulnerability |
|---|---|
| Chinese name | XAMPP Windows PHP-CGI 代码执行漏洞 |
| CVSS core | 9.8 |
| FOFA Query (click to view the results directly) | app="php-CGI" |
| Number of assets affected | 7631 |
| Description | PHP is a scripting language executed on the server side. There was a command execution vulnerability before version 8.3.8 of PHP. Due to the "Best-Fit Mapping" feature of Windows, non-ASCII characters may be incorrectly mapped to dash (-) when processing query strings, resulting in command line parameter parsing errors. When php_cgi runs on the Windows platform and the code page is in traditional Chinese, simplified Chinese or Japanese, the attacker can inject malicious parameters through a specific query string to execute arbitrary code. |
| Impact | The attacker can inject malicious parameters through a specific query string to execute arbitrary code to take over the server. |
