/alerttags/cve-2012-1823/ Recent content in CVE-2012-1823 on ZAP Hugo en-us /docs/alerts/20018/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20018/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling arbitrary code execution. In this case, an operating system command was caused to be executed on the web server, and the results were returned to the web browser.</p> /docs/alerts/20017/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20017/ <p>Some PHP versions, when configured to run using CGI, do not correctly handle query strings that lack an unescaped &ldquo;=&rdquo; character, enabling PHP source code disclosure, and arbitrary code execution. In this case, the contents of the PHP file were served directly to the web browser. This output will typically contain PHP, although it may also contain straight HTML.</p>