A vulnerability has been found in PHP installations accessed via CGI, in which an attacker can gain access to PHP's command line parameters and use them to access the server. This can allow the attacker to manipulate websites outside the standard operating procedure. According to the report, servers set up to use FastCGI are not vulnerable. FastCGI is the recommended method of installing PHP today. However, a lot of servers continue to use the CGI method of calling PHP.
To see whether your server uses CGI or FastCGI, look at your PHP Info (Dashboard > Server) in your Admin Control Panel. The first table should have an entry for Server API. This should say "CGI/FASTCGI". If it says only "CGI", you should contact your host so they can update the server to use FastCGI.
PHP has released PHP 5.3.13 and 5.4.3 to try to counteract this issue, but experts say it isn't adequate.
For more information please see:
http://www.kb.cert.org/vuls/id/520827
http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/