PHP `php_register_variable_ex()´ Code Execution Vulnerability
Last Update Date:
22 May 2012
Release Date:
6 Feb 2012
4383
Views
RISK: High Risk
TYPE: Security software and application - Security Software & Appliance
A vulnerability has been identified in PHP, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a logic error within the "php_register_variable_ex()" function (php_variables.c) when hashing form posts and updating a hash table, which can be exploited to execute arbitrary code.
Impact
- Remote Code Execution
System / Technologies affected
- PHP 5.3.x
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- Update to version 5.3.10.
Vulnerability Identifier
Source
Related Link
Share with