CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
EPSS
Percentile
92.1%
PHP project reports:
Security Enhancements and Fixes in PHP 5.2.5:
Fixed dl() to only accept filenames. Reported by Laurent
Gaffie.
Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887).
Reported by Laurent Gaffie.
Fixed htmlentities/htmlspecialchars not to accept partial
multibyte sequences. Reported by Rasmus Lerdorf
Fixed possible triggering of buffer overflows inside glibc
implementations of the fnmatch(), setlocale() and glob()
functions. Reported by Laurent Gaffie.
Fixed “mail.force_extra_parameters” php.ini directive not to be
modifiable in .htaccess due to the security implications. Reported
by SecurityReason.
Fixed bug #42869 (automatic session id insertion adds sessions
id to non-local forms).
Fixed bug #41561 (Values set with php_admin_* in httpd.conf can
be overwritten with ini_set()).