The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities. One of the vulnerabilities is known as CVE-2012-1823 and is located in a component that allows PHP to run in a Common Gateway Interface (CGI) configuration. The bug allows for URL query strings that contain the “-” character to be interpreted by the php-cgi binary as command line switches, such as -s, -d, -c. The vulnerability can be exploited to disclose source code from PHP scripts or to remotely execute arbitrary code on vulnerable systems.”]