Computer Security
[EN] securityvulns.ru no-pyccku


mb_parse_str() exceptional conditions protection bypass
Published:22.03.2007
Source:
SecurityVulns ID:7450
Type:library
Threat Level:
5/10
Description:Exceptional conditions during function invocation may lead to enabling register_globals.
Affected:PHP : PHP 4.4
 PHP : PHP 5.2
CVE:CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 sets the internal register_globals flag and does not disable it in certain cases when a script terminates, which allows remote attackers to invoke available PHP scripts with register_globals functionality that is not detectable by these scripts, as demonstrated by forcing a memory_limit violation.)
Original documentdocumentPHP-SECURITY, MOPB-26-2007:PHP mb_parse_str() register_globals Activation Vulnerability (22.03.2007)
Files:PHP mb_parse_str() register_globals Activation Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod