VULHUB ™

The PHP CGI SAPI contains an unspecified bug that renders options for preventing direct access to the CGI binary useless. The configuratin option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect' could be disabled by this bug, allowing an attacker to gain access to any file readable by the webserver user. Arbitrary PHP code could also be executed.

The PHP CGI SAPI contains an unspecified bug that renders options for preventing direct access to the CGI binary useless. The configuratin option '--enable-force-cgi-redirect' and the php.ini option 'cgi.force_redirect' could be disabled by this bug, allowing an attacker to gain access to any file readable by the webserver user. Arbitrary PHP code could also be executed.