News
The bug is somewhere in 0ab996a (previous commits works fine, this one and later do not). Yes, php-cgi.exe is in PATH (otherwise the previous commits wouldn't work either).
The only explanation I have for this is that the wamp64 php.exe isn't self contain (e.g load a dll or starts another exe). In this case setting php.executablePath will not work.
Even when PHP isn’t set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web ...
Results that may be inaccessible to you are currently showing.
Hide inaccessible results
Feedback