Vulnerability
Description
A vulnerability in PHP, when configured to run using CGI, allows an attacker to disclose the source code of PHP files and potentially execute arbitrary code. This occurs when a query string lacks an unescaped ‘=’ character, causing PHP to output the file contents directly.
Recommendation
Upgrade to the latest stable version of PHP or use Apache’s mod_rewrite module with RewriteCond and RewriteRule directives to filter out malicious requests.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
