Vulnerability
Description
A vulnerability in PHP, when run using CGI, allows arbitrary code execution by exploiting the lack of an unescaped ‘=’ character in query strings. This enables an attacker to execute operating system commands on the web server and return the results to the user’s browser.
Recommendation
Upgrade to the latest stable version of PHP or use Apache with mod_rewrite to filter out malicious requests using RewriteCond and RewriteRule directives.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
