PHP-CGI-based setups contain a vulnerability when parsing query string parameters from PHP files.
According to PHP's website, "PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML." When PHP is used in a CGI-based setup (such as Apache's mod_cgid), php-cgi receives a processed query string parameter as command-line arguments. This allows command-line switches, such as -s, -d or -c, to be passed to the php-cgi binary, which can be exploited to disclose source code and obtain arbitrary code execution.
An example of the -s command, allowing an attacker to view the source code of index.php, is below:
A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server.
Apply mod_rewrite rule
According to PHP's website, Apache+mod_php and nginx+php-fpm are not affected.
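For reviewing exposure on a CGI-based setup, the following Python is an added example (not part of the original advisory and not PHP's own code) that flags access-log requests whose query string would reach php-cgi as a command-line switch. It assumes the CGI convention (RFC 3875, section 4.4) that a query string with no unencoded "=" is split on "+" and passed as arguments, and Apache-style log lines; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def is_cgi_switch_query(target: str) -> bool:
    """True when the query string would be handed to php-cgi as a switch:
    it has no unencoded '=' (assumption: RFC 3875 4.4 argument passing) and
    at least one '+'-separated word decodes to something starting with '-'."""
    query = urlsplit(target).query
    if not query or "=" in query:
        return False
    # Each word is URL-decoded before it becomes an argument, so decode first.
    return any(unquote(word).startswith("-") for word in query.split("+"))


def flag_requests(log_lines):
    """Return (client_ip, target) for every log line that matches."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and is_cgi_switch_query(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?-s HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=2 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?%2ds HTTP/1.1" 200 5120',
    '198.51.100.8 - - [01/Jan/2024:10:00:04 +0000] "GET /search.php?php-cgi HTTP/1.1" 200 300',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?sort=-date HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, target in flag_requests(SAMPLE_LOG):
        print(f"{ip} {target}")
```

Ordinary key=value queries and "=" free keywords that do not begin with a dash are left alone, so the check can be run over historical logs with few false positives.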
The PHP Group
Thanks to De Eindbazen for reporting this vulnerability.
This document was written by Michael Orlando.